CVE-2024-21887
Exploit Available
Ivanti Connect Secure Command Injection
🏭 Ivanti · CWE-77 · #Command Injection · #VPN · #State-Sponsored · #Chained Exploit
9.1 Critical
Vulnerability Description
A command injection vulnerability in the web components of Ivanti Connect Secure (ICS) and Ivanti Policy Secure allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance. It is chained with CVE-2023-46805 for unauthenticated exploitation.
Recommended Mitigation
Apply Ivanti security patches. Run the Ivanti Integrity Checker Tool to assess compromise. Perform a factory reset if compromise is detected. Rotate all credentials on the device.
Affected Products
Ivanti Connect Secure (ICS)
Ivanti Policy Secure (IPS)
Version constraint: ICS 9.x, 22.x; IPS 9.x, 22.x (all versions before January 2024 patch)
Quick Facts
- Published: 2024-01-10
- Last Modified: 2024-01-16
- Vendor: Ivanti
- CWE: CWE-77
- Exploit: ⚠️ Public Exploit Exists
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H