Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, which can allow an authenticated administrator to send crafted requests to execute code on affected appliances. This vulnerability can be leveraged in conjunction with CVE-2023-46805, an authenticated bypass issue.
PoC: CVE-2024-21887
Remote Code Execution : Ivanti
PoC: ivanti_shell
CVE-2024-21887 Exploitation with Ngrok Reverse Shell
PoC: CVE-2024-21887
Ivanti Connect Secure & Ivanti Policy Secure allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance. (RCE Exploits)
PoC: CVE-2024-21887
exploit for ivanti
PoC: CVE-2024-21887
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
PoC: ivanti-CVE-2024-21887
POC Checker for ivanti CVE-2024-21887 Command injcetion
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free