CVE-2024-11639
Published 2024-12-10
CVE-2024-11639: An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access
Priority P274 · critical · 9.8 CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.81% (90.8th percentile)
Affected: 1 range

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | cloud_services_appliance | < 5.0.3 | 5.0.3 |

Detection & IOCs (extracted from sources)
- The target is the admin web console of Ivanti CSA (Cloud Services Appliance) in versions before 5.0.3. Treat any unauthenticated request that reaches the admin web console and results in administrative access as suspicious.
- Only Ivanti CSA versions before 5.0.3 are affected; upgrading to 5.0.3 or later remediates the authentication bypass (CWE-288/CWE-306). The vendor advisory gives a CVSS Base Score of 10.0 (CRITICAL), indicating that full unauthenticated remote exploitation is possible with no user interaction.
GHSA
GHSA-4hpg-vxh4-jm69: An authentication bypass in the admin web console of Ivanti CSA before 5
ghsa_unreviewed·2024-12-10
CVE-2024-11639 [CRITICAL] CWE-288 GHSA-4hpg-vxh4-jm69: An authentication bypass in the admin web console of Ivanti CSA before 5
An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access
Ivanti
Ivanti Security Advisory: CVE-2024-11639
vendor_ivanti·2024-12-10·CVSS 10.0
CVE-2024-11639 [CRITICAL] CWE-288 Ivanti Security Advisory: CVE-2024-11639
An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access
CVE IDs: CVE-2024-11639
CVSS Base Score: 10.0
Severity: CRITICAL
CWEs: CWE-288, CWE-306
No detection rules found.
No public exploits indexed.
Published: 2024-12-10