Executive Risk Summary
"A command injection vulnerability in Ivanti Connect Secure and Ivanti Policy Secure allows an authenticated administrator to execute arbitrary commands on the appliance. This vulnerability poses a significant risk as it can be exploited to gain unauthorized access and control of the system."
Operational Audit Arsenal
Target Type Web Application
Target Asset Ivanti Connect Secure Web Interface
Standard Path Global Firmware
Manual Verification Required
This is a non-Windows asset (Ivanti). Use the target asset details and official path provided above to verify your current version against the official vendor advisories listed below.
Patch Impact Forecast
Reboot Required Likely
Moderate
Internal Work Notes
CVE-2024-21887: Command injection vulnerability in Ivanti Connect Secure and Ivanti Policy Secure. Apply vendor patch to prevent arbitrary command execution.
Technical Intelligence & Operational Utilities • Delivered Weekly
Intelligence Sources
Official Advisoryhttp://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html
Official Advisoryhttps://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
Official Advisoryhttp://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html
Official Advisoryhttps://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
Official Advisoryhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-21887
Related Ivanti Threats
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.