Detections
Analytics
CVE-2024-21887
critical
Description
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
References
https://securityaffairs.com/162811/hacking/mitre-security-breach-china.html
https://securelist.com/vulnerability-report-q1-2024/112554/
https://services.google.com/fh/files/misc/m-trends-2024.pdf
https://www.mitre.org/news-insights/news-release/mitre-response-cyber-attack-one-its-rd-networks
https://unit42.paloaltonetworks.com/malware-initiated-scanning-attacks/
https://www.theregister.com/2024/04/04/ivanti_secure_by_design/
https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement
https://securityaffairs.com/160274/cyber-crime/magnet-goblin-nerbianrat-attacks.html
https://securityaffairs.com/160246/hacking/us-cisa-systems-hacked.html
https://www.hivepro.com/threat-advisory/ivanti-gateways-under-attack-by-cybercriminals-patch-now/
https://hub.dragos.com/hubfs/116-Datasheets/Dragos_IntelBrief_VOLTZITE_FINAL.pdf
https://www.scmagazine.com/news/federal-agencies-have-until-feb-3-to-disconnect-ivanti-vpns
https://securityaffairs.com/158393/malware/ivanti-connect-secure-vpn-deliver-krustyloader.html
https://www.infosecurity-magazine.com/news/rust-payloads-ivanti-zero-days/?&web_view=true
https://www.infosecurity-magazine.com/news/rust-payloads-ivanti-zero-days/
https://www.theregister.com/2024/01/22/ivanti_and_juniper_networks_criics_unhappy/?&web_view=true
https://censys.com/the-mass-exploitation-of-ivanti-connect-secure/?web_view=true
https://www.volexity.com/blog/2024/01/18/ivanti-connect-secure-vpn-exploitation-new-observations/
https://infosec.exchange/@[email protected]/111732557655576182