CVE-2024-21887 is a critical command injection vulnerability found in the web components of Ivanti Connect Secure (versions 9.x and 22.x) and Ivanti Policy Secure (versions 9.x and 22.x). This vulnerability allows authenticated administrators to send specially crafted requests that can lead to the execution of arbitrary commands on the affected appliances. The CVSS score for this vulnerability is 9.1, indicating a high severity level that poses significant risks for organizations relying on these products.
Given the critical nature of this vulnerability, organizations should prioritize patching immediately. An attacker able to execute arbitrary commands on the appliance could gain unauthorized access to the device and compromise sensitive data.
The vulnerability has been publicly disclosed, and its inclusion in CISA's Known Exploited Vulnerabilities (KEV) catalog confirms active exploitation in the wild. Multiple proof-of-concept (PoC) references are also available on platforms such as GitHub, so the risk of exploitation is substantial. Organizations must act swiftly to mitigate it.
Ivanti has published remediation guidance for this vulnerability; organizations should follow those instructions closely to secure their systems against exploitation.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
