PT-2023-8231 · Ivanti · Ivanti Connect Secure +1

Published: 2023-01-24 · Updated: 2025-12-20 · CVE-2024-21887

CVSS v3.1: 9.1
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Ivanti Connect Secure versions 9.0 through 22.3
Ivanti Policy Secure versions 9.0 through 22.3

Description

A command injection flaw exists in web components of Ivanti Connect Secure and Ivanti Policy Secure. An authenticated administrator can send specially crafted requests, leading to the execution of arbitrary commands on the appliance. This issue is actively exploited in the wild by threat actors, including Chinese state-sponsored groups. Reports indicate the use of this vulnerability to gain remote access, modify system settings, and deploy malicious software, such as webshells and backdoors. Approximately 8.7K vulnerable IPs were identified, with over 800 still exposed. The vulnerability is being actively scanned for and exploited.

Recommendations

Ivanti Connect Secure versions 9.0 through 22.3: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Ivanti Policy Secure versions 9.0 through 22.3: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-00249
CVE-2024-21887

Affected Products

Ivanti Connect Secure
Ivanti Policy Secure