CVE-2024-9380

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 5, 2026 5 articles

VulnLookup ↗ NVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

86.91%

probability

This CVE has a 86.91% probability of being exploited in the next 30 days.

0% Top 99.4th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Attack Intelligence

CWE-707 · Improper Neutralization CWE-74 · Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77 · Command Injection CWE-78 · OS Command Injection

Ivanti warns of three more CSA zero-days exploited in attacks

BleepingComputer Oct 08, 2024

Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms

TheHackerNews

Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)

TheHackerNews

Exploitations de vulnérabilités dans Ivanti Cloud Services Appliance (CSA) (22 octobre 2024)

CERT-FR Oct 22, 2024

Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration

TheHackerNews

Signal Intelligence

Confidenceⓘ

85%

EPSS 86.91%

Mentions 5

Last Seen Oct 22, 2024

CNA Information

Analyst Note

CVE-2024-9380 is explicitly named as a zero-day being exploited in the wild by Ivanti's official warning ('three more CSA zero-days exploited in attacks'). Published October 8, 2024, with contemporaneous exploitation reports, and confirmed by CERT-FR advisory on October 22, 2024 documenting active exploitation. The timing and authoritative naming meet zero-day criteria.