Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) - Command Injection CVE-2024-21887

Name: Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) - Command Injection (CVE-2024-21887)
Published: 2024-01-17T00:00:00.000Z

Severity

Vulnerability description: Not available
Risk description: Not available
Recommendation: Not available
References: https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html https://github.com/farukokutan/Threat-Intelligence-Research-Reports https://github.com/lions2012/Penetration_Testing_POC https://github.com/Chocapikk/CVE-2024-21887
Codename: Not available

Detectable with: Network Scanner
Scan engine: Nuclei
Cisa Kev: Yes
Exploitable with Sniper: No
CVE Published: Jan 12, 2024
Detection added at: Jan 17, 2024
Software Type: Not available
Vendor: Not available
Product: Not available

Detect & validate this vulnerability

Go beyond surface scans. Get real validation with proprietary tools designed to prove what’s exploitable in your environment.

Compare paid plans See all tools