Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
Vulnerability DatabaseCVE-2024-21887
CVE-2024-21887:
Ivanti Connect Secure vulnerability analysis and mitigation
Overview
A command injection vulnerability (CVE-2024-21887) was discovered in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x). The vulnerability allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance. This vulnerability has been actively exploited in the wild since December 2023, often being chained with CVE-2023-46805 (an authentication bypass vulnerability) to achieve unauthenticated remote code execution (WatchTowr Labs).
Technical details
The vulnerability has been assigned a CVSS v3.1 base score of 9.1 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). The vulnerability is classified as CWE-77 (Improper Neutralization of Special Elements used in a Command). When chained with CVE-2023-46805, it allows unauthenticated attackers to achieve remote code execution on affected devices (NVD).
Impact
The vulnerability enables authenticated administrators to execute arbitrary commands on the appliance, potentially leading to complete system compromise. When combined with CVE-2023-46805, it allows unauthenticated attackers to achieve full device compromise and takeover. This has significant implications as these devices often serve as critical gateway components between internal networks and the internet (WatchTowr Labs).
Mitigation and workarounds
Ivanti has released patches for various versions including 9.1R14.5, 9.1R17.3, 9.1R18.4, 22.4R2.3, 22.5R1.2, 22.5R2.3, and 22.6R2.2 for Connect Secure, and 9.1R17.3, 9.1R18.4, and 22.5R1.2 for Policy Secure. For unpatched versions, Ivanti provides a mitigation XML script. It's recommended to perform a factory reset before applying the patch to prevent threat actors from maintaining persistence on compromised devices (Tenable Blog).
Community reactions
The security community has expressed significant concern about these vulnerabilities, particularly regarding the delayed patch release and the initial reliance on XML mitigation files. The US Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive (ED 24-01) requiring Federal Civilian Executive Branch agencies to implement mitigations and later disconnect affected devices from their networks (Tenable Blog).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
Ready to see Wiz in action?
“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management