module

Ivanti Cloud Services Appliance (CSA) Command Injection

Disclosed	Created
Dec 2, 2021	Jan 17, 2023

Disclosed

Dec 2, 2021

Created

Jan 17, 2023

Description

This module exploits a command injection vulnerability in the Ivanti Cloud Services Appliance (CSA)
for Ivanti Endpoint Manager. A cookie based code injection vulnerability in the
Cloud Services Appliance before `4.6.0-512` allows an unauthenticated user to
execute arbitrary code with limited permissions. Successful exploitation results
in command execution as the `nobody` user.

Authors

Jakub Kramarz
h00die-gr3y [email protected]

Platform

Linux,PHP,Unix

Architectures

cmd, x64, php

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


    msf > use exploit/linux/http/ivanti_csa_unauth_rce_cve_2021_44529
    msf exploit(ivanti_csa_unauth_rce_cve_2021_44529) > show targets
        ...targets...
    msf exploit(ivanti_csa_unauth_rce_cve_2021_44529) > set TARGET < target-id >
    msf exploit(ivanti_csa_unauth_rce_cve_2021_44529) > show options
        ...show and set options...
    msf exploit(ivanti_csa_unauth_rce_cve_2021_44529) > exploit

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today