Critical Command Injection Vulnerability Patched in Ivanti Products

CVSScvssV3_0: 9.1

Ivanti Connect Secure and Ivanti Policy Secure are network security tools used by many organizations to securely connect users to internal systems and enforce access policies. Unfortunately, a serious vulnerability was discovered that could allow attackers to compromise these systems.

The vulnerability (CVE-2024-21887) is a command injection flaw that exists in the web interfaces of Ivanti Connect Secure and Ivanti Policy Secure versions 9.x and 22.x. Command injection occurs when unvalidated input sent to a program is not properly filtered and allows the execution of arbitrary commands. In this case, an authenticated administrator could craft special requests that would execute commands on the underlying operating system of the affected Ivanti appliance.

An attacker who exploits this vulnerability could do things like install backdoors, download sensitive files, or completely take over the system. Since these appliances act as gateways to internal networks, a compromised device could potentially be used to pivot deeper into the environment.

Ivanti has released patches to address this issue, so it is important that administrators of affected versions update their systems immediately. General best practices like restricting administrative access and keeping systems up-to-date can also help prevent exploitation of such vulnerabilities. While concerning, proactive patching minimizes risk for users of these important network security tools.