module
Ivanti Cloud Services Appliance (CSA) Command Injection
| Disclosed |
|---|
| Dec 2, 2021 |
Disclosed
Dec 2, 2021
Description
This module exploits a command injection vulnerability in the Ivanti Cloud Services Appliance (CSA)
for Ivanti Endpoint Manager. A cookie based code injection vulnerability in the
Cloud Services Appliance before `4.6.0-512` allows an unauthenticated user to
execute arbitrary code with limited permissions. Successful exploitation results
in command execution as the `nobody` user.
for Ivanti Endpoint Manager. A cookie based code injection vulnerability in the
Cloud Services Appliance before `4.6.0-512` allows an unauthenticated user to
execute arbitrary code with limited permissions. Successful exploitation results
in command execution as the `nobody` user.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.