Share
## https://sploitus.com/exploit?id=SAINT:7ADBD105784DA740BD493D2B62B5FAA6
Added: 03/26/2024  


### Background

[Ivanti Cloud Services Appliance (CSA)](<https://help.ivanti.com/ld/help/en_US/LDMS/10.0/Windows/csa-h-help.htm>) is an appliance that connects the console and managed devices over the Internet. 

### Problem

Cloud Services Appliance 4.5 and 4.6 are affected by a vulnerability which could allow a remote unauthenticated attacker to inject arbitrary commands by sending a GET request with a specially crafted `**exec**` cookie. 

### Resolution

Upgrade to CSA 4.6 and apply patch 512. 

### References

<https://forums.ivanti.com/s/article/SA-2021-12-02>