Detections
Analytics
CVE-2024-21887
critical
Description
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
From the Tenable Blog
CVE-2023-46805, CVE-2024-21887, CVE-2024-21888 and CVE-2024-21893: Frequently Asked Questions for Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways
Published: 2024-01-31
Frequently asked questions for five CVEs affecting Ivanti Connect Secure and Policy Secure Gateways, with three of the vulnerabilities having been exploited in the wild as zero-days.
CVE-2023-46805, CVE-2024-21887: Zero-Day Vulnerabilities Exploited in Ivanti Connect Secure and Policy Secure Gateways
Published: 2024-01-11
Two zero-day vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure have been exploited in the wild, with at least one attack attributed to nation-state actors.
References
https://thehackernews.com/2025/04/google-reports-75-zero-days-exploited.html
https://therecord.media/cisa-ivanti-firewall-bug-exploitation
https://www.darkreading.com/vulnerabilities-threats/china-linked-threat-group-exploits-ivanti-bug
https://cyberscoop.com/china-espionage-group-ivanti-vulnerability-exploits/
https://securelist.com/vulnerabilities-and-exploits-in-q4-2024/115761/
https://cyberscoop.com/edge-device-vulnerabilities-fuel-attack-sprees/
https://www.securityweek.com/exploitation-of-new-ivanti-vpn-zero-day-linked-to-chinese-cyberspies/
https://therecord.media/china-espionage-ivanti-vulnerabilities-mandiant
https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day
https://www.theregister.com/2024/11/27/salt_typhoons_us_telcos/
https://www.darkreading.com/application-security/salt-typhoon-malware-arsenal-ghostspider
https://thehackernews.com/2024/11/chinese-hackers-use-ghostspider-malware.html
https://www.trendmicro.com/en_us/research/24/k/earth-estries.html
https://isc.sans.edu/diary/rss/31384
https://blog.lumen.com/derailing-the-raptor-train/
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-241a
https://securelist.com/vulnerability-exploit-report-q2-2024/113455/
https://blog.talosintelligence.com/common-ransomware-actor-ttps-playbooks/
https://www.akamai.com/blog/security-research/2024-redtail-cryptominer-pan-os-cve-exploit
https://thehackernews.com/2024/05/mirai-botnet-exploits-ivanti-connect.html
https://securityaffairs.com/162811/hacking/mitre-security-breach-china.html
https://securelist.com/vulnerability-report-q1-2024/112554/
https://services.google.com/fh/files/misc/m-trends-2024.pdf
https://www.mitre.org/news-insights/news-release/mitre-response-cyber-attack-one-its-rd-networks
https://unit42.paloaltonetworks.com/malware-initiated-scanning-attacks/
https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement
https://hub.dragos.com/hubfs/116-Datasheets/Dragos_IntelBrief_VOLTZITE_FINAL.pdf
https://www.infosecurity-magazine.com/news/rust-payloads-ivanti-zero-days/
https://www.volexity.com/blog/2024/01/18/ivanti-connect-secure-vpn-exploitation-new-observations/
https://infosec.exchange/@[email protected]/111732557655576182
Details
Published: 2024-01-12
Updated: 2025-02-12
Named Vulnerability: ConnectAroundKnown Exploited Vulnerability (KEV)
Risk Information
CVSS v2
Base Score: 9
Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C
Severity: High
CVSS v3
Base Score: 9.1
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity: Critical
CVSS v4
Base Score: 9.4
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Severity: Critical
EPSS
EPSS: 0.94416
Vulnerability Watch
Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.
Vulnerability of Concern