Detections
Analytics
CVE-2024-21887
critical
Description
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
References
https://www.greynoise.io/blog/unmasking-cisas-hidden-kev-ransomware-updates
https://thehackernews.com/2025/12/new-forumtroll-phishing-attacks-target.html
https://thehackernews.com/2025/12/cisa-reports-prc-hackers-using.html
https://www.theregister.com/2025/09/24/google_china_spy_report/
https://thehackernews.com/2025/09/unc5221-uses-brickstorm-backdoor-to.html
https://www.theregister.com/2025/08/28/china_salt_typhoon_alert/
https://www.securityweek.com/chinas-salt-typhoon-hacked-critical-infrastructure-globally-for-years/
https://www.infosecurity-magazine.com/news/chinese-tech-firms-salt-typhoon/
https://thehackernews.com/2025/08/salt-typhoon-exploits-cisco-ivanti-palo.html
https://securelist.com/vulnerabilities-and-exploits-in-q2-2025/117333/
https://cyberscoop.com/sonicwall-exploited-vulnerabilities-surge/
https://thehackernews.com/2025/04/google-reports-75-zero-days-exploited.html
https://therecord.media/cisa-ivanti-firewall-bug-exploitation
https://www.darkreading.com/vulnerabilities-threats/china-linked-threat-group-exploits-ivanti-bug
https://cyberscoop.com/china-espionage-group-ivanti-vulnerability-exploits/
https://securelist.com/vulnerabilities-and-exploits-in-q4-2024/115761/
https://cyberscoop.com/edge-device-vulnerabilities-fuel-attack-sprees/
https://www.securityweek.com/exploitation-of-new-ivanti-vpn-zero-day-linked-to-chinese-cyberspies/
https://therecord.media/china-espionage-ivanti-vulnerabilities-mandiant
https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day
https://www.theregister.com/2024/11/27/salt_typhoons_us_telcos/
https://www.darkreading.com/application-security/salt-typhoon-malware-arsenal-ghostspider
https://thehackernews.com/2024/11/chinese-hackers-use-ghostspider-malware.html
https://www.trendmicro.com/en_us/research/24/k/earth-estries.html
https://isc.sans.edu/diary/rss/31384
https://blog.lumen.com/derailing-the-raptor-train/
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-241a
https://securelist.com/vulnerability-exploit-report-q2-2024/113455/
https://blog.talosintelligence.com/common-ransomware-actor-ttps-playbooks/
https://www.akamai.com/blog/security-research/2024-redtail-cryptominer-pan-os-cve-exploit
https://thehackernews.com/2024/05/mirai-botnet-exploits-ivanti-connect.html
https://securityaffairs.com/162811/hacking/mitre-security-breach-china.html
https://securelist.com/vulnerability-report-q1-2024/112554/
https://services.google.com/fh/files/misc/m-trends-2024.pdf
https://www.mitre.org/news-insights/news-release/mitre-response-cyber-attack-one-its-rd-networks
https://unit42.paloaltonetworks.com/malware-initiated-scanning-attacks/
https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement
https://hub.dragos.com/hubfs/116-Datasheets/Dragos_IntelBrief_VOLTZITE_FINAL.pdf
Details
Published: 2024-01-12
Updated: 2025-10-31
Named Vulnerability: ConnectAroundKnown Exploited Vulnerability (KEV)
Risk Information
CVSS v2
Base Score: 9
Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C
Severity: High
CVSS v3
Base Score: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity: Critical
CVSS v4
Base Score: 9.4
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Severity: Critical
EPSS
EPSS: 0.94412
Vulnerability Watch
Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.
Vulnerability of Concern