CVE-2024-21887

CISA KEV · Ransomware
CVSS 9.1 (CRITICAL) · EPSS 94.4% · Published 2024-01-12

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Weaknesses (CWE)

CWE-77
