CVE-2024-21887

Summary

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

Affected Software

VendorProductVersion RangeStatus
IvantiICS9.1R18 <= 9.1R18affected
IvantiICS22.6R2 <= 22.6R2affected
IvantiIPS9.1R18 <= 9.1R18affected
IvantiIPS22.6R1 <= 22.6R1affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

References