CVE-2024-9381: 
Ivanti Cloud Services Appliance vulnerability analysis and mitigation

A path traversal vulnerability (CVE-2024-9381) was discovered in Ivanti Cloud Services Appliance (CSA) affecting versions before 5.0.2. The vulnerability allows a remote authenticated attacker with admin privileges to bypass restrictions. The vulnerability was disclosed on October 8, 2024, and received a CVSS v3.1 base score of 7.2 (HIGH) (NVD).

The vulnerability is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory - 'Path Traversal'). It requires administrative privileges and network access for exploitation. The vulnerability received a CVSS v3.1 vector string of CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, high privileges required, no user interaction needed, and high impact on confidentiality, integrity, and availability (NVD).

When successfully exploited, the vulnerability allows attackers with administrative privileges to bypass security restrictions through path traversal. The vulnerability has been observed being exploited in the wild when chained with CVE-2024-8963, particularly affecting customers running CSA 4.6 patch 518 and prior versions (Help Net Security).

Ivanti has released version 5.0.2 to address this vulnerability. Users are strongly advised to upgrade to CSA v5.0.2, especially since CSA 4.6 has reached end-of-life status. Organizations should also monitor for indicators of compromise, particularly modified or newly added administrative CSA users (Help Net Security).