CVE-2024-21887

Name of the Vulnerable Software and Affected Versions Ivanti Connect Secure versions 9.0 through 9.1 and 22.1 through 22.3 Ivanti Policy Secure versions 9.0 through 9.1 and 22.1 through 22.3

Description A command injection vulnerability exists in the web components of Ivanti Connect Secure and Ivanti Policy Secure. This flaw allows an authenticated administrator to send specially crafted requests, resulting in the execution of arbitrary commands on the appliance. The vulnerability is actively exploited in the wild by threat actors, including the Magnet Goblin group and Chinese state-sponsored APT actors. These actors have been observed using the vulnerability to gain access to systems, modify network settings, establish covert tunnels, and exfiltrate data. Approximately 800 vulnerable IPs remain exposed. The exploitation of this vulnerability has been linked to the deployment of Rust-based backdoors and the "KrustyLoader" malware.

Recommendations Ivanti Connect Secure versions 9.0 through 9.1 and 22.1 through 22.3: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Ivanti Policy Secure versions 9.0 through 9.1 and 22.1 through 22.3: At the moment, there is no information about a newer version that contains a fix for this vulnerability.