Ivanti Cloud Services Appliance (CSA) Command Injection
This Metasploit module exploits a command injection vulnerability in the
Ivanti Cloud Services Appliance (CSA) for Ivanti Endpoint Manager. A
cookie based code injection vulnerability in the Cloud Services Appliance before 4.6.0-512 allows an unauthenticated user to execute arbitrary code
with limited permissions. Successful exploitation results in command
execution as the nobody user.
https://packetstormsecurity.com/files/170590/ivanti_csa_unauth_rce_cve_2021_445 29.rb.txt
Wed, 18 Jan 2023 17:15:37 GMT
________________________________
--- The information is for inforamtional purposes only.
* Origin: Read us with
http://winpoint.org JID:
rs@captflint.com