About the Vulnerability

Introduction

Ivanti Cloud Services Application (CSA) is a locally deployed virtual device designed to simplify and enhance the integration of Ivanti products with cloud services. It is primarily used to support IT service management and the automation of cloud services, helping businesses streamline and automate IT processes to improve operational efficiency.

Summary

On February 12, 2025, Sangfor FarSight Labs received notification that an Ivanti Cloud Services Application(CSA) component contains information of Command Execution Vulnerability(CVE-2024-47908), classified as critical in threat level.

A remote command execution vulnerability exists in the Ivanti CSA Administrator Console interface prior to version 5.0.5. Attackers with administrative privileges can exploit this vulnerability to execute arbitrary commands, leading to server compromise.

Affected Versions

Ivanti CSA ≤ 5.0.4

Solutions

Remediation Solutions

Official Solution

The latest version has been officially released to fix this vulnerability. Affected users are recommended to update the version of Ivanti CSA to version 5.0.5.

Download link:

https://forums.ivanti.com/s/article/CSA-5-0-Download 

Timeline

On February 12, 2025, Sangfor FarSight Labs received notification of Ivanti CSA Remote Command Execution Vulnerability.

On February 12, 2025, Sangfor FarSight Labs released a vulnerability alert.

Reference

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-47908-CVE-2024-11771 

Listen To This Post

Search

Get in Touch

Get in Touch with Sangfor Team for Business Inquiry

Name
Email Address
Business Phone Number
Tell us about your project requirements

Related Articles

CVE-2025-5419: Out-of-Bounds Read/Write Vulnerability in V8 in Google Chrome

Date : 03 Jun 2025
Read Now

Roundup of Microsoft Patch Tuesday (May 2025)

Date : 15 May 2025
Read Now

CVE-2025-31644: Command Injection in Appliance Mode in F5 BIG-IP

Date : 14 May 2025
Read Now

See Other Product

Sangfor Omni-Command
Replace your Enterprise NGAV with Sangfor Endpoint Secure
SASE ROI Calculator - Assess Sangfor SASE’s Total Economic Impact
Sangfor Athena XDR
Cyber Command - NDR Platform
Endpoint Secure