IRONSMITHINTEL
MEDIUMCVSS6.5
|
Actively Exploited
|CISA KEV|CVE-2024-9379|Auth: high — administrative privileges|Reboot: required|Manual only

Ivanti Cloud Services Appliance (CSA) < 5.0.2 — SQLi

Ivanti Cloud Services Appliance (CSA) contains a SQL injection vulnerability in the admin web console in versions prior to 5.0.2, which can allow a remote attacker authenticated as administrator to run arbitrary SQL statements.

Published Oct 8, 2024 · Updated May 17, 2026
Why patchRisk explained in plain English
Worst-case scenarioIf unpatched

A remote attacker, with administrative privileges, can achieve partial data exposure, arbitrary modification of data, complete denial of service or system unavailability. Federal agencies are required to remediate by 2024-10-30 under CISA BOD 22-01.

How the attack worksNo clicks needed

This is a SQL Injection (CWE-89) vulnerability in Ivanti Cloud Services Appliance (CSA). SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. Exploitation requires remote network access, low attack complexity, an administrative account, and no user interaction required.

Am I affected?Quick check

Probably yes if any of these apply:

Network Security Team
Firewall Administrators
IT Security
Running endpoint manager cloud services appliance: v < 5.0.2
Fixed in5.0.2
Real-world incidentsWhat we've seen

CISA added this CVE to the Known Exploited Vulnerabilities catalog on 2024-10-09 based on evidence of active exploitation in the wild. Federal agencies required to remediate by 2024-10-30.

How to patch

Manual remediation steps

1
Identify affected hosts: query inventory for network-security installs in scope.
2
Upgrade to version 5.0.2 or later. Stage in a test ring before broad deployment.
3
Verify by checking the installed version on a sample of remediated hosts.
4
Document the remediation in your change ticket and re-scan with your vulnerability scanner to confirm closure.
PowerShell automationComing soon

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.

References

CVE-2024-9379MSRC AdvisoryNVDVendor Advisory