Miggo Logo
Miggo Vulnerability Database
CVE-2024-8190

CVE-2024-8190: An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518...

7.2

CVSS Score
3.1

Basic Information

CVE ID
CVE-2024-8190
GHSA ID
GHSA-qjx2-rcx8-qr2r
EPSS Score
0.99789%
CWE
CWE-78
Published
9/10/2024
Updated
11/26/2024
KEV Status
Yes
Technology
-

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The analysis is based on the Horizon3.ai blog post which inspected the patches for CVE-2024-8190. The blog post explicitly mentions 'DateTimeTab.php' and the 'handleDateTimeSubmit()' function as being involved in the vulnerability. The vulnerability lies in the lack of validation of the 'TIMEZONE' parameter before it's used in an 'exec()' call. The patch introduced validation for this parameter. Although the specific function that directly calls exec() isn't named, handleDateTimeSubmit() is the function that receives and processes the tainted input, making it a key function in the exploitation path.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*n OS *omm*n* inj**tion vuln*r**ility in Iv*nti *lou* S*rvi**s *ppli*n** v*rsions *.* P*t** *** *n* ***or* *llows * r*mot* *ut**nti**t** *tt**k*r to o*t*in r*mot* *o** *x**ution. T** *tt**k*r must **v* **min l*v*l privil***s to *xploit t*is vuln*r**i

Reasoning

T** *n*lysis is **s** on t** *orizon*.*i *lo* post w*i** insp**t** t** p*t***s *or *V*-****-****. T** *lo* post *xpli*itly m*ntions '**t*Tim*T**.p*p' *n* t** '**n*l***t*Tim*Su*mit()' *un*tion *s **in* involv** in t** vuln*r**ility. T** vuln*r**ility