all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Ivanti Connect Secure Unauthenticated Remote Code Execution

Add to bookmarks
Feb. 21, 2024, 4:24 p.m. |

Packet Storm packetstormsecurity.com

This Metasploit module chains a server side request forgery (SSRF) vulnerability (CVE-2024-21893) and a command injection vulnerability (CVE-2024-21887) to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti Policy Secure, to achieve unauthenticated remote code execution. All currently supported versions 9.x and 22.x are vulnerable, prior to the vendor patch released on Feb 1, 2024. It is unknown if unsupported versions 8.x and below are also vulnerable.

code code execution command command injection connect connect secure cve cve-2024-21887 cve-2024-21893 exploit forgery injection ivanti ivanti connect secure ivanti policy secure metasploit patch policy policy secure remote code remote code execution request server server side ssrf unauthenticated vendor vulnerability vulnerable

Visit resource

More from packetstormsecurity.com / Packet Storm

Debian Security Advisory 5676-1 an hour ago | packetstormsecurity.com
advisory arbitrary code chromium code +13
Ubuntu Security Notice USN-6747-2 an hour ago | packetstormsecurity.com
attacker denial of service domains exploit +16
htmlLawed 1.2.5 Remote Command Execution an hour ago | packetstormsecurity.com
command concept exploit proof +1
Red Hat Security Advisory 2024-2651-03 an hour ago | packetstormsecurity.com
advisory denial of service enterprise linux +7
Red Hat Security Advisory 2024-2645-03 an hour ago | packetstormsecurity.com
advisory enterprise linux red hat +5
1,400 GitLab Servers Impacted By Exploited Vulnerability an hour ago | packetstormsecurity.com
data loss exploited flaw gitlab +3
Hackers Compromised Dropbox eSignature Service an hour ago | packetstormsecurity.com
compromised dropbox flaw hacker +2
Hacker Free-For-All Fights For Control Of Home And Office Routers Everywhere an hour ago | packetstormsecurity.com
botnet control email free +6
REvil Ransomware Scum Gets 14 Years, $16 Million Fine an hour ago | packetstormsecurity.com
cryptography cybercrime fraud hacker +5

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Associate Manager, BPT Infrastructure & Ops (Security Engineer)

@ SC Johnson | PHL - Makati
View on infosec-jobs.com

Cybersecurity Analyst - Project Bound

@ NextEra Energy | Jupiter, FL, US, 33478
View on infosec-jobs.com

Lead Cyber Security Operations Center (SOC) Analyst

@ State Street | Quincy, Massachusetts
View on infosec-jobs.com

Junior Information Security Coordinator (Internship)

@ Garrison Technology | London, Waterloo, England, United Kingdom
View on infosec-jobs.com

Sr. Security Engineer

@ ScienceLogic | Reston, VA
View on infosec-jobs.com
View more jobs