Ivanti Connect Secure 9.x / 22.x Command Injection Vulnerability (CVE-2024-21887)

critical Nessus Plugin ID 189951

Language:

Version 1.64 Oct 23, 2025, 3:11 AM Logic Changes (Fix HTTP/1 library to make sure it closes unused Keep-Alive connections) Plugin Feed: 202510230311
Version 1.62 Oct 16, 2025, 4:39 PM Logic Changes (Implement workaround in HTTP library to prevent triggering an engine bug.) Plugin Feed: 202510161639
Version 1.60 Oct 8, 2025, 9:19 AM Logic Changes (Allow forking plugins to report all installs for structured vuln data.) Plugin Feed: 202510080919
Version 1.59 Oct 6, 2025, 9:07 AM Exploit attributes ("Exploit framework core" set to "True") Plugin Feed: 202510060907
Version 1.58 Oct 1, 2025, 9:12 PM Logic Changes (Adding support for user-supplied header added to all HTTP requests.) Plugin Feed: 202510012112
Version 1.57 Sep 30, 2025, 12:41 AM Logic Changes (Add extra checks to see whether plugins should run. Modernisation of the HTTP/1 library. Various corrections and fixes for CPE related Flatline Test Failures. Remove spurious authentication header.) Plugin Feed: 202509300041
Version 1.55 Jul 15, 2025, 2:39 AM Logic Changes Plugin Feed: 202507150239
Version 1.54 Jul 10, 2025, 5:41 PM Logic Changes (Windows CA support) Plugin Feed: 202507101741
Version 1.53 Jun 23, 2025, 9:47 PM Logic Changes Plugin Feed: 202506232147
Version 1.50 Feb 12, 2025, 3:29 PM Logic Changes Plugin Feed: 202502121529
Version 1.49 Feb 12, 2025, 1:58 AM Logic Changes Plugin Feed: 202502120158
Version 1.48 Feb 10, 2025, 4:00 PM Logic Changes Plugin Feed: 202502101600
Version 1.46 Jan 22, 2025, 5:44 PM New Plugin Feed: 202501221744
Version 1.44 Jan 13, 2025, 10:27 PM New Plugin Feed: 202501132227
Version 1.43 Jan 13, 2025, 7:38 PM Logic Changes (Add display fix to structured reporting.) Plugin Feed: 202501131938
Version 1.39 Dec 24, 2024, 11:44 AM New Plugin Feed: 202412241144
Version 1.38 Nov 22, 2024, 6:54 PM Logic Changes (Fixed installation reporting) Plugin Feed: 202411221854
Version 1.37 Nov 13, 2024, 3:50 PM CISA reference Plugin Feed: 202411131550
Version 1.36 Nov 12, 2024, 8:29 PM Logic Changes (Adding installs report) Plugin Feed: 202411122029
Version 1.34 Oct 29, 2024, 8:44 PM Logic Changes (Extend structured reporting to vcf_extras) Plugin Feed: 202410292044
Version 1.30 Oct 10, 2024, 11:57 PM New Plugin Feed: 202410102357
Version 1.29 Oct 9, 2024, 5:56 PM Logic Changes (Corrects vulnerability-finding structured data tags to include the port.) Plugin Feed: 202410091756
Version 1.25 Oct 3, 2024, 6:29 PM Detection (Adding hardware constraint support to VCF and UCF) Plugin Feed: 202410031829
Version 1.24 Oct 2, 2024, 4:10 PM Logic Changes (Adds structured data reports to a subset of manual plugins.) Plugin Feed: 202410021610
Version 1.19 Jul 17, 2024, 11:02 PM Logic Changes Plugin Feed: 202407172302
Version 1.15 May 20, 2024, 10:13 AM Logic Changes Plugin Feed: 202405201013
Version 1.13 Apr 17, 2024, 3:38 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202404171538
Version 1.11 Mar 19, 2024, 6:40 PM Logic Changes (Improving logging to reduce disk space usage) Plugin Feed: 202403191840
Version 1.10 Mar 5, 2024, 5:50 PM New Plugin Feed: 202403051750
Version 1.9 Feb 22, 2024, 3:51 PM Logic Changes Plugin Feed: 202402221551
Version 1.6 Feb 15, 2024, 5:03 PM IAVM reference Plugin Feed: 202402151703
Version 1.5 Feb 12, 2024, 7:54 PM New Plugin Feed: 202402121954
Version 1.5 Feb 15, 2024, 2:29 PM IAVM reference Plugin Feed: 202402151429
Version 1.4 Feb 9, 2024, 11:22 AM New Plugin Feed: 202402091122
Version 1.3 Feb 6, 2024, 8:14 PM New Plugin Feed: 202402062014
Version 1.2 Feb 5, 2024, 4:13 PM CVSS metrics ("CVSSv2 score" set to 8.3. "CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Exploit attributes ("Exploit framework metasploit" set to "True") Plugin Feed: 202402051613
Version 1.2 Feb 6, 2024, 6:23 PM New Plugin Feed: 202402061823
Version 1.1 Feb 2, 2024, 9:40 PM CEA reference Plugin Feed: 202402022140
Version 1.1 Feb 5, 2024, 2:20 PM CVSS metrics ("CVSSv2 score" set to 8.3) CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Exploit attributes ("Exploit framework metasploit" set to "True") Plugin Feed: 202402051420
Version 1.0 Feb 2, 2024, 3:59 PM New Plugin Feed: 202402021559

* Changelogs are generally available for changes made after Nov 1, 2022

Detections

Analytics

Ivanti Connect Secure 9.x / 22.x Command Injection Vulnerability (CVE-2024-21887)

critical Nessus Plugin ID 189951