CVE-2024-21887

Description

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

NVD
CVE ID: CVE-2024-21887
Base Score: 9.1
Base Severity: CRITICAL
Vector String: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Impact Score: 6.0
Exploitability Score: 2.3

Proof Of Concept

Nuclei Templates for CVE-2024-21887
oways

POC Checker for Ivanti CVE-2024-21887 Command injection

Reference: GitHub

duy-31

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

Reference: GitHub

Chocapikk

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

Reference: GitHub

raminkarimkhani1996

The script in this repository only checks whether the vulnerabilities specified in the Ivanti Connect Secure product exist.

Reference: GitHub

seajaysec

Mitigation validation utility for the Ivanti Connect Around attack chain. Runs multiple checks. CVE-2023-46805, CVE-2024-21887.

Reference: GitHub

mickdec

Reference: GitHub

tucommenceapousser

exploit for ivanti

Reference: GitHub

Content on GitHub

Chocapikk | watchers:25

CVE-2024-21893-to-CVE-2024-21887
CVE-2024-21893 to CVE-2024-21887 Exploit Toolkit

Reference: GitHub

gobysec | watchers:699

GobyVuls
Vulnerabilities of Goby supported with exploitation.

Reference: GitHub

yoryio | watchers:10

CVE-2023-46805
Scanner for CVE-2023-46805 - Ivanti Connect Secure

Reference: GitHub

gobysec | watchers:1399

Goby
Attack surface mapping

Reference: GitHub

Reference: NVD, MITRE