- Description
- A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
- Source
- support@hackerone.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.1
- Impact score
- 6
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 3.0
- Type
- Secondary
- Base score
- 9.1
- Impact score
- 6
- Exploitability score
- 2.3
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Ivanti Connect Secure and Policy Secure Command Injection Vulnerability
- Exploit added on
- Jan 10, 2024
- Exploit action due
- Jan 22, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
A new version of the DragonForce ransomware has been released that uses the vulnerabilities with the identifiers CVE-2021-44228, CVE-2023-46805 and CVE-2024-21887. To maintain its access, a piece of malware
@AmirHossein_sec
10 May 2025
80 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
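According to Mandiant, CVE-2025-0282 in Ivanti Connect Secure has been exploited since around 24/12/24, and a patch was released on 25/1/8 https://t.co/iN0IZfGf0G The zero-days CVE-2024-21887 and CVE-2023-46805, also in Ivanti/Pulse Connect Secure, which caused a big stir last year, were likewise attacked from 23/12, with fixes released from 1/10 of the following year onward… https://t.co/qp3L0ryDAT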
@nekono_naha
9 Jan 2025
1106 Impressions
4 Retweets
11 Likes
2 Bookmarks
0 Replies
0 Quotes
Cybersecurity WOTW: Spray Attacks Actively Exploited Vulnerabilities Include: • Cleo File Upload (CVE-2024-50623) • Microsoft CLFS Buffer Overflow (CVE-2024-49138) • Ivanti Connect Secure Command Injection (CVE-2024-21887) 👉Read the blog: https://t.co/mLYWd1ZfIJ https://t.co/
@GradientCyber
16 Dec 2024
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-21887 and More: How Earth Estries APT Group Exploits VPNs & Servers Learn about the Earth Estries APT group, a significant cyber espionage actor targeting critical sectors and industries worldwide. https://t.co/yAoI34DRVW
@the_yellow_fall
27 Nov 2024
354 Impressions
2 Retweets
9 Likes
6 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BEAA1F3F-FC78-43C1-814A-19E94AC4A844"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4B21C181-DC49-4EBD-9932-DBB337151FF7"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r10:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5A3A93FE-41BF-43F2-9EFC-89656182329F"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8D5F47BA-DE6D-443D-95C3-A45F80EDC71E"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "366EF5B8-0233-49B8-806A-E54F60410ADE"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6F2A7F5C-1D78-4D19-B8ED-5822FDF5DA63"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2DDDA231-2A5E-4C70-8620-535C7F9027A4"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r12:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "32E0B425-A9BA-4D00-84A9-46268072D696"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r12.1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BBC724E8-195B-4CB4-AC2A-63E184AED4F6"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r13:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "65435A96-EF7A-439A-AA6C-CB7EAEF0A963"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r13.1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3027A9CE-849E-4CAE-A1C4-170DEAF4FE86"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r14:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C132BA26-BCA0-43E6-9511-34ACFFA136A9"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CE228FBD-5AD1-4BC6-AF63-5248E671B04F"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r15.2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D7DBCD6B-B7AA-4AB0-852F-563A2EC85DB4"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r16:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "44C26423-8621-4F6D-A45B-0A6B6E873AB6"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r16.1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BC391EB5-C457-459C-8EAA-EA0043487C0B"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r17:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB6CEA16-F422-48F1-9473-3931B1BFA63F"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r17.1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E238AB9F-99C1-4F0D-B442-D390065D35D1"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r18:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "28FDE909-711C-41EC-8BA6-AC4DE05EA27E"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4FEFC4B1-7350-46F9-80C1-42F5AE06142F"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB7A6D62-6576-4713-9BF4-11068A72E8B7"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "843BC1B9-50CC-4F8F-A454-A0CEC6E92290"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D5355372-03EA-46D7-9104-A2785C29B664"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3DE32A0C-8944-4F51-A286-266055CA4B2F"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0349A0CC-A372-4E51-899E-D7BA67876F4B"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "93D1A098-BD77-4A7B-9070-A764FB435981"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3CCC2D7B-F835-45EC-A316-2F0C5F2CF565"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AD812596-C77C-4129-982F-C22A25B52126"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9FA0B20D-3FA1-42AE-BDC5-93D8A182927C"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BFFA0B02-7F6D-4434-B1E7-EB8520FD68A0"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DFE8FA87-9622-4D5B-99C7-D8EE230C0AA9"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r9:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "16DAA769-8F0D-4C54-A8D9-9902995605B0"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r9.1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B2C10C89-1DBC-4E91-BD28-D5097B589CA9"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.1:r1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "80C56782-273A-4151-BE81-13FEEFE46A6A"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.1:r6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6564FE9E-7D96-4226-8378-DAC25525CDD1"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.2:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "361FAA47-52FF-4B36-96B0-9C178A4E031B"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.2:r1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BCBF6DD0-2826-4E61-8FB6-DB489EBF8981"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.3:r1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "415219D0-2D9A-4617-ABB7-6FF918421BEE"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.4:r1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E9F55E7B-7B38-4AEC-A015-D8CB9DE5E72C"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.4:r2.1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D3DF17AC-EC26-4B76-8989-B7880C9EF73E"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.5:r2.1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "001E117B-E8EE-4C20-AEBF-34FF5EB5051E"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.6:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6C383863-1E90-4B72-A500-4326782BC92F"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.6:r1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AB9A5868-34FB-446E-817F-6701CC5DE923"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.6:r2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5456F61D-1FD1-4DA6-AFA3-4073889AD22A"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DD00E2EC-B772-4FE8-8CC5-829BE45BE878"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A07B66E0-A679-4912-8CB1-CD134713EDC7"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r10:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BF767F07-2E9F-4099-829D-2F70E85D8A35"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r11:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B994E22B-8FA5-4510-82F6-7820BDA7C307"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r12:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FE5C4ABC-2BEB-4741-95B3-303903369818"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r13:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D50C5526-F791-4C76-B5C0-DA2E1281C9E2"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r13.1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2CB8240E-7683-4C39-9654-4F8D1F682288"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r14:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7A53C031-E7A5-47B6-BA4A-DD28432E743F"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r15:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4BEE355B-1C2D-4BEB-8922-EAEAA5A1FAE8"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r16:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B90687F3-A5C1-4706-AD66-D78EE512E4C9"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r17:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D10A3F2D-6A62-4A48-93FB-274527C821D2"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r18:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "811C7E7E-89AB-47DF-BACD-ED478DF756BC"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6D37A6E4-D58E-444D-AF6A-15461F38E81A"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FC2B9DA0-E32B-4125-9986-F0D3814C66E9"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "38A0D7CF-7D55-4933-AE8C-36006D6779E1"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C9A5BA3E-D6B3-453D-8DDF-FF16859FD0F8"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BAFDA618-D15D-401D-AC68-0020259FEC57"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D55AB5F0-132F-4C40-BF4F-684E139B774B"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6BE937D2-8BEE-4E64-8738-F550EAD00F50"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9C753520-1BC6-4980-AFC9-4C2FDDF2FD18"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AC3863BC-3B9A-402B-A74A-149CDF717EC6"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r8:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E3C09D51-FDA0-4D07-87D8-F527C8CBDAFB"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r8.1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CCE2E1C0-680F-4EFF-ACE6-A1DAFA209D24"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r8.2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7ED1686B-2D80-4ECF-9F7A-AEA989E17C84"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r9:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "092DA2A3-5CEF-433F-8E5B-4850E4095CC4"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.1:r1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A385F38B-0B03-4B69-B7A1-952F5BAE727C"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.1:r6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "925DCCBA-9382-4A39-84B8-4DEAFD2BC802"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.2:r1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "34C118FB-7AE0-466C-822A-348A2F6016AC"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.2:r3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1536DB45-9A42-4549-A10E-FDBB6693DF17"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.3:r1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "51FF66C9-9415-4EAD-8F19-D5E067336885"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.3:r3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8BBC1E81-0A2A-4166-BFA6-2B866B4F8AE4"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.4:r1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D73729EB-C679-4CED-9F36-212B0581EC22"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.4:r2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "14B481E8-D887-408F-B892-D2939CD037AB"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.4:r2.1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3EB8380F-D229-4AF0-B27C-47760F843E48"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.5:r1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CB4B1ED6-38AD-44F8-9B77-2D6924E8A20E"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.5:r2.1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "28A9318A-0D4D-4EF1-998B-4A82A1AB63F0"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.6:r1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "56C7542D-3520-4E4D-936C-5295068C4CD7"
}
],
"operator": "OR"
}
]
}
]