About the Vulnerability

Introduction

Ivanti Cloud Services Application (CSA) is a locally deployed virtual device designed to simplify and enhance the integration of Ivanti products with cloud services. It is primarily used to support IT service management and the automation of cloud services, helping businesses streamline and automate IT processes to improve operational efficiency.

Summary

On February 12, 2025, Sangfor FarSight Labs received notification that an Ivanti Cloud Services Application(CSA) component contains information of Command Execution Vulnerability(CVE-2024-47908), classified as critical in threat level.

A remote command execution vulnerability exists in the Ivanti CSA Administrator Console interface prior to version 5.0.5. Attackers with administrative privileges can exploit this vulnerability to execute arbitrary commands, leading to server compromise.

Affected Versions

Ivanti CSA ≤ 5.0.4

Solutions

Remediation Solutions

Official Solution

The latest version has been officially released to fix this vulnerability. Affected users are recommended to update the version of Ivanti CSA to version 5.0.5.

Download link:

https://forums.ivanti.com/s/article/CSA-5-0-Download 

Timeline

On February 12, 2025, Sangfor FarSight Labs received notification of Ivanti CSA Remote Command Execution Vulnerability.

On February 12, 2025, Sangfor FarSight Labs released a vulnerability alert.

Reference

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-47908-CVE-2024-11771 

Listen To This Post

Search

Get in Touch

Get in Touch with Sangfor Team for Business Inquiry

Name
Email Address
Business Phone Number
Tell us about your project requirements

Related Articles

Roundup of Microsoft Patch Tuesday (June 2025)

Date : 13 Jun 2025
Read Now

CVE-2025-27817: Apache Kafka Connect Arbitrary File Read

Date : 12 Jun 2025
Read Now

CVE-2025-5419: Out-of-Bounds Read/Write Vulnerability in V8 in Google Chrome

Date : 03 Jun 2025
Read Now

See Other Product

Athena SASE - Secure Access Service Edge
Sangfor Athena NGFW - Next Generation Firewall
Sangfor Athena EPP - Modern Endpoint Protection Platform
Sangfor Athena NDR - Network Detection and Response
Cyber Command - NDR Platform
Endpoint Secure