CVE-2024-21887

CriticalKnown ExploitedRansomware

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an…

hackerone·CWE-77·Published 2024-01-12

CVSS

9.1

EPSS

1.00

KEV

Yes

Exploits

Attributed to:UNC5330 UNC5337

cve.orgen

248 chars

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

NVDen

248 chars

NVDes

269 chars

Una vulnerabilidad de inyección de comandos en componentes web de Ivanti Connect Secure (9.x, 22.x) e Ivanti Policy Secure (9.x, 22.x) permite a un administrador autenticado enviar solicitudes especialmente manipuladas y ejecutar comandos arbitrarios en el dispositivo.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.0	Primary	cve.org	9.1	—	—	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
3.0	Primary	cve.org	9.1	—	—	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
3.0	Secondary	NVD	9.1	2.3	6.0	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
3.1	Primary	NVD	9.1	2.3	6.0	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H