Ivanti Cloud Services Appliance (CSA) Command Injection

Posted by deepcore on January 19, 2023 – 12:33 am

This Metasploit module exploits a command injection vulnerability in the Ivanti Cloud Services Appliance (CSA) for Ivanti Endpoint Manager. A cookie based code injection vulnerability in the Cloud Services Appliance before 4.6.0-512 allows an unauthenticated user to execute arbitrary code with limited permissions. Successful exploitation results in command execution as the nobody user.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Yuvan Education CRM 3.0 SQL Injection Jettweb Ready Rent A Car Script 4 Cross Site Scripting »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Ivanti Cloud Services Appliance (CSA) Command Injection

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL