CVE-2024-47908: 
Ivanti Cloud Services Appliance vulnerability analysis and mitigation

CVE-2024-47908 is a critical vulnerability discovered in Ivanti Cloud Services Application (CSA) affecting versions before 5.0.5. The vulnerability was disclosed on February 11, 2025, and involves an OS command injection flaw in the admin web console. This security issue has been assigned a CVSS v3.1 score of 9.1 (Critical) by Ivanti, while NIST has rated it at 7.2 (High) (NVD, Hacker News).

The vulnerability is classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command), allowing for OS command injection in the admin web console. The attack vector is network-accessible (AV:N), requires low attack complexity (AC:L), needs high privileges (PR:H), and no user interaction (UI:N). The scope is changed (S:C) according to Ivanti's assessment, with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) (NVD).

If successfully exploited, this vulnerability allows a remote authenticated attacker with admin privileges to achieve remote code execution on the affected system. The critical CVSS score of 9.1 indicates severe potential consequences for organizations using vulnerable versions of Ivanti CSA (Security Online).

Ivanti has released version 5.0.5 of CSA to address this vulnerability. Organizations running CSA 5.0.4 and prior versions are strongly urged to update to CSA 5.0.5 immediately. The update can be obtained through the Ivanti Download Portal (Security Online).

Ivanti has acknowledged that their edge products have been targeted by sophisticated threat actors and has committed to improving their software security. The company has enhanced internal scanning, manual exploitation and testing capabilities, and has become a CVE Numbering Authority to better handle security disclosures (Hacker News).