CVE-2021-44529 – Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability

https://notcve.org/view.php?id=CVE-2021-44529

A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody). Una vulnerabilidad de inyección de código en Ivanti EPM Cloud Services Appliance (CSA) permite a un usuario no autenticado ejecutar código arbitrario con permisos limitados (nobody) Ivanti Endpoint Manager CSA versions 4.5 and 4.6 suffer from an unauthenticated remote code execution vulnerability. Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) contains a code injection vulnerability that allows an unauthenticated user to execute malicious code with limited permissions (nobody). • https://www.exploit-db.com/exploits/50833 https://github.com/jax7sec/CVE-2021-44529 https://github.com/jkana/CVE-2021-44529 http://packetstormsecurity.com/files/166383/Ivanti-Endpoint-Manager-CSA-4.5-4.6-Remote-Code-Execution.html http://packetstormsecurity.com/files/170590/Ivanti-Cloud-Services-Appliance-CSA-Command-Injection.html https://forums.ivanti.com/s/article/SA-2021-12-02 https://attackerkb.com/topics/XTKrwlZd7p/cve-2021-44529 • CWE-94: Improper Control of Generation of Code ('Code Injection') •