Critical Command Injection Vulnerability Patched in Ivanti Products

CVE: CVE-2024-21887
CVSS (v3.0): 9.1
Source: CVE-2024-21887

Ivanti Connect Secure and Ivanti Policy Secure are network security tools used by many organizations to secure remote access to internal networks. Unfortunately, a serious vulnerability was discovered that could allow attackers to compromise these systems.

The vulnerability is a command injection flaw that exists in the web interfaces of both Ivanti Connect Secure and Ivanti Policy Secure versions 9.x and 22.x. Command injection occurs when unvalidated input sent to a program is incorrectly interpreted and executed as commands. In this case, an authenticated administrator could craft special requests that would allow running arbitrary commands on the underlying operating system of the affected Ivanti appliances.
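
The mechanism described above, as an added example (not Ivanti code and not part of the original advisory): a hypothetical admin handler passes an operator-supplied host name to an OS utility, first through a shell string and then through an argument list with allowlist validation. The function names, the `echo` stand-in, the input policy and the sample input are assumptions made for the illustration, and it assumes a POSIX system.

```python
import re
import subprocess

# Hypothetical admin-interface action (illustration only, not Ivanti code):
# the handler hands an operator-supplied host name to an OS utility.
# `echo` stands in for that utility so the demo is harmless and offline.

# Allowlist: letters, digits, dots and hyphens only (assumed input policy).
HOSTNAME_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")

# Constructed sample input containing a shell command separator.
SAMPLE_INPUT = "example.test; echo INJECTED"


def lookup_vulnerable(host: str) -> str:
    """Flawed pattern: input is concatenated into a shell command line."""
    # The shell parses the whole string, so metacharacters in `host`
    # are treated as shell syntax rather than data.
    proc = subprocess.run(f"echo lookup {host}", shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def run_without_shell(host: str) -> str:
    """Argument list, no shell: `host` arrives as one literal argument."""
    proc = subprocess.run(["echo", "lookup", host],
                          capture_output=True, text=True, check=True)
    return proc.stdout


def lookup_hardened(host: str) -> str:
    """Allowlist validation first, then execution without a shell."""
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError("rejected: not a valid host name")
    return run_without_shell(host)


if __name__ == "__main__":
    print("vulnerable:", lookup_vulnerable(SAMPLE_INPUT).splitlines())
    print("no shell:  ", run_without_shell(SAMPLE_INPUT).splitlines())
    try:
        lookup_hardened(SAMPLE_INPUT)
    except ValueError as err:
        print("hardened:  ", err)
```

In the vulnerable form the second command runs as its own statement; in the hardened form the same input is rejected before any process is started.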

Successful exploitation would give the attacker full control of the system, allowing them to compromise security, steal sensitive data, install malware and more. The flaw can be exploited remotely, and once an attacker finds a way to authenticate as an administrator, no additional credentials are needed.

Ivanti has released patches to address this issue for all affected versions. Organizations using Ivanti Connect Secure or Ivanti Policy Secure should apply the updates immediately to protect their networks and data. It is also recommended to closely monitor logs and network activity for any signs of unauthorized access. Keeping internet-facing systems current with software updates is critical so that vulnerabilities are patched quickly once they are discovered.
