HTTP: Ivanti Connect Secure and Policy Secure Gateways Command Injection
This signature detects attempts to exploit a known vulnerability against Ivanti Connect Secure . A successful attack can lead to directory traversal and arbitrary code execution.
Extended Description
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
Affected Products
Ivanti policy_secure
References
CVE: CVE-2024-21887
Short Name
HTTP:CTS:IVANTI-WEB-CMD-INJ
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2024-21887 Command Connect Gateways Injection Ivanti Policy Secure and
Release Date
01/25/2024
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3693
False Positive
Unknown
Vendors
Ivanti