
Exploit for Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) - Authenticated Remote Code Execution (CVE-2024-21887)

Description:

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

Affected Products:

Proof of Concept

PoC exploit

Nuclei Template

View the template here: CVE-2024-21887.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-21887.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-21887
https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html
https://github.com/farukokutan/Threat-Intelligence-Research-Reports