CVE-2024-21887

CRITICAL severity · CVSS 9.1 · Command injection · actively exploited (CISA KEV)

9.1CVSS CRITICAL ● exploited ⚠ ransomware

🔴 Actively exploited in the wild (CISA Known Exploited Vulnerabilities). ⚠ Known use in ransomware campaigns. Added to KEV 2024-01-10. US federal agencies must patch by 2024-01-22.

Summary

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

Impact & exploitability

Attack vectorNetwork

Attack complexityLow

Privileges requiredHigh

User interactionNone

Confidentiality impactHigh

Integrity impactHigh

Availability impactHigh

Exploit probability (EPSS)94%

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected products we track (1)

Ivanti Connect Secure

Recommendation

This vulnerability is being actively exploited in the wild — patch affected products urgently. Open any affected product above for its exact safe version.

CVE-2024-21887

Summary

Impact & exploitability

Affected products we track (1)

Recommendation

Additional information