CVE-2024-21887

🗓️ 12 Jan 2024 17:02:16Reported by hackeroneType

cve🔗 web.nvd.nist.gov📰️ 30 Media mentions👁 704 Views🌐 WEB

A command injection vulnerability in Ivanti Connect Secure and Policy Secure allows authenticated admin to execute arbitrary commands on the appliance. CVE-2024-2188

Reporter	Title	Published	Views	Family All 109
0day.today	Ivanti Connect Secure Unauthenticated Remote Code Execution Exploit	22 Jan 202400:00	–	zdt
0day.today	Ivanti Connect Secure Unauthenticated Remote Code Execution Exploit	21 Feb 202400:00	–	zdt
GithubExploit	Exploit for Command Injection in Ivanti Connect_Secure	20 Jan 202419:15	–	githubexploit
GithubExploit	Exploit for Improper Authentication in Ivanti Connect_Secure	18 Jan 202413:25	–	githubexploit
GithubExploit	Exploit for Command Injection in Ivanti Connect_Secure	3 Feb 202411:33	–	githubexploit
GithubExploit	Exploit for Improper Authentication in Ivanti Connect_Secure	14 Jan 202418:30	–	githubexploit
GithubExploit	Exploit for Command Injection in Ivanti Connect_Secure	14 Jan 202409:25	–	githubexploit
GithubExploit	Exploit for Improper Authentication in Ivanti Connect_Secure	14 Jan 202418:30	–	githubexploit
GithubExploit	Exploit for Command Injection in Ivanti Connect_Secure	16 Jan 202420:59	–	githubexploit
GithubExploit	Exploit for Improper Authentication in Ivanti Connect_Secure	16 Jan 202419:40	–	githubexploit

NVD

Vulners

Node

ivanti connect_secureMatch9.0

ivanti connect_secureMatch9.1r1

ivanti connect_secureMatch9.1r10

ivanti connect_secureMatch9.1r11

ivanti connect_secureMatch9.1r11.3

ivanti connect_secureMatch9.1r11.4

ivanti connect_secureMatch9.1r11.5

ivanti connect_secureMatch9.1r12

ivanti connect_secureMatch9.1r12.1

ivanti connect_secureMatch9.1r13

ivanti connect_secureMatch9.1r13.1

ivanti connect_secureMatch9.1r14

ivanti connect_secureMatch9.1r15

ivanti connect_secureMatch9.1r15.2

ivanti connect_secureMatch9.1r16

ivanti connect_secureMatch9.1r16.1

ivanti connect_secureMatch9.1r17

ivanti connect_secureMatch9.1r17.1

ivanti connect_secureMatch9.1r18

ivanti connect_secureMatch9.1r2

ivanti connect_secureMatch9.1r3

ivanti connect_secureMatch9.1r4

ivanti connect_secureMatch9.1r4.1

ivanti connect_secureMatch9.1r4.2

ivanti connect_secureMatch9.1r4.3

ivanti connect_secureMatch9.1r5

ivanti connect_secureMatch9.1r6

ivanti connect_secureMatch9.1r7

ivanti connect_secureMatch9.1r8

ivanti connect_secureMatch9.1r8.1

ivanti connect_secureMatch9.1r8.2

ivanti connect_secureMatch9.1r9

ivanti connect_secureMatch9.1r9.1

ivanti connect_secureMatch22.1r1

ivanti connect_secureMatch22.1r6

ivanti connect_secureMatch22.2-

ivanti connect_secureMatch22.2r1

ivanti connect_secureMatch22.3r1

ivanti connect_secureMatch22.4r1

ivanti connect_secureMatch22.4r2.1

ivanti connect_secureMatch22.5r2.1

ivanti connect_secureMatch22.6-

ivanti connect_secureMatch22.6r1

ivanti connect_secureMatch22.6r2

ivanti policy_secureMatch9.0

ivanti policy_secureMatch9.1r1

ivanti policy_secureMatch9.1r10

ivanti policy_secureMatch9.1r11

ivanti policy_secureMatch9.1r12

ivanti policy_secureMatch9.1r13

ivanti policy_secureMatch9.1r13.1

ivanti policy_secureMatch9.1r14

ivanti policy_secureMatch9.1r15

ivanti policy_secureMatch9.1r16

ivanti policy_secureMatch9.1r17

ivanti policy_secureMatch9.1r18

ivanti policy_secureMatch9.1r2

ivanti policy_secureMatch9.1r3

ivanti policy_secureMatch9.1r3.1

ivanti policy_secureMatch9.1r4

ivanti policy_secureMatch9.1r4.1

ivanti policy_secureMatch9.1r4.2

ivanti policy_secureMatch9.1r5

ivanti policy_secureMatch9.1r6

ivanti policy_secureMatch9.1r7

ivanti policy_secureMatch9.1r8

ivanti policy_secureMatch9.1r8.1

ivanti policy_secureMatch9.1r8.2

ivanti policy_secureMatch9.1r9

ivanti policy_secureMatch22.1r1

ivanti policy_secureMatch22.1r6

ivanti policy_secureMatch22.2r1

ivanti policy_secureMatch22.2r3

ivanti policy_secureMatch22.3r1

ivanti policy_secureMatch22.3r3

ivanti policy_secureMatch22.4r1

ivanti policy_secureMatch22.4r2

ivanti policy_secureMatch22.4r2.1

ivanti policy_secureMatch22.5r1

ivanti policy_secureMatch22.5r2.1

ivanti policy_secureMatch22.6r1

[
  {
    "defaultStatus": "unaffected",
    "vendor": "Ivanti",
    "product": "ICS",
    "versions": [
      {
        "version": "9.1R18",
        "status": "affected",
        "lessThanOrEqual": "9.1R18",
        "versionType": "custom"
      },
      {
        "version": "22.6R2",
        "status": "affected",
        "lessThanOrEqual": "22.6R2",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "vendor": "Ivanti",
    "product": "IPS",
    "versions": [
      {
        "version": "9.1R18",
        "status": "affected",
        "lessThanOrEqual": "9.1R18",
        "versionType": "custom"
      },
      {
        "version": "22.6R1",
        "status": "affected",
        "lessThanOrEqual": "22.6R1",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html
forums	www.forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog

Parameter	Position	Path	Description	CWE
type	request body	/api/v1/totp/user-backup-code/%2E%2E/%2E%2E/system/maintenance/archiving/cloud-server-test-connection	Command injection via crafted JSON in POST to vulnerable endpoint (CVE-2024-21887) exploiting path traversal.	CWE-77

17 Jun 2026 07:10Current

9.4High risk

Vulners AI Score9.4

CVSS 3.19.1

CVSS 39.1

EPSS0.99999

SSVC