Russian Vulnerability Scanner Database

Back to List

BDU:2024-00249

Scores

EPSS Score

0.0000

CVSS

3.x 9.1

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

All CVSS Scores

CVSS 4.0
0.0
CVSS 3.x
9.1

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVSS 2.0
8.3

Vector: AV:N/AC:L/Au:M/C:C/I:C/A:C

Description

Уязвимость веб-интерфейсов средств контроля сетевого доступа Ivanti Connect Secure и Ivanti Policy Secure связана с непринятием мер по нейтрализации специальных элементов, используемых в команде ОС. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнять произвольные команды путём отправки специально сформированных запросов

Sources

bdu

Related Vulnerabilities

CVE-2024-21887

Reference Links

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-21887
https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
https://www.rapid7.com/blog/post/2024/01/11/etr-zero-day-exploitation-of-ivanti-connect-secure-and-policy-secure-gateways/
https://www.volexity.com/blog/2024/01/10/active-exploitation-of-two-zero-day-vulnerabilities-in-ivanti-connect-secure-vpn/
https://www.cisa.gov/news-events/alerts/2024/01/10/ivanti-releases-security-update-connect-secure-and-policy-secure-gateways
https://github.com/volexity/threat-intel/blob/main/2024/2024-01-10%20Ivanti%20Connect%20Secure/indicators/iocs.csv
http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html
https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv

Vulnerable Software

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "22.5 r2.1"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r16"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r14"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "22.4 r2.1"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "22.3 r1"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r9"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r8.1"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r4.2"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r11.5"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r10"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "9.0"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r3"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r7"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "22.2 r1"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "22.4 r1"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r15"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r2"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r4.3"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r1"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r11"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r6"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "22.6"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r5"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "22.2"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r12"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "22.6 r2"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "22.6 r1"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r17.1"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r13.1"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r13"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r17"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r11.4"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r11.3"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "22.1 r6"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "22.1 r1"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r4.1"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r15.2"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r12.1"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r9.1"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r8.2"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r8"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r16.1"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: connect secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r4"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: policy secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r3.1"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: policy secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r12"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: policy secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r1"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: policy secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r4"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: policy secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r18"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: policy secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r10"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: policy secure

Operating System: * *

Trait: 
{
  "version_exact": "22.4 r2"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: policy secure

Operating System: * *

Trait: 
{
  "version_exact": "22.3 r1"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: policy secure

Operating System: * *

Trait: 
{
  "version_exact": "22.2 r3"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: policy secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r13"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: policy secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r15"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: policy secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r14"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: policy secure

Operating System: * *

Trait: 
{
  "version_exact": "9.0"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: policy secure

Operating System: * *

Trait: 
{
  "version_exact": "22.5 r2.1"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: policy secure

Operating System: * *

Trait: 
{
  "version_exact": "22.5 r1"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: policy secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r4.1"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: policy secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r6"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: policy secure

Operating System: * *

Trait: 
{
  "version_exact": "22.1 r1"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: policy secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r5"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: policy secure

Operating System: * *

Trait: 
{
  "version_exact": "22.4 r1"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: policy secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r17"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: policy secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r11"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: policy secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r3"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: policy secure

Operating System: * *

Trait: 
{
  "version_exact": "22.4 r2.1"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: policy secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r8.1"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: policy secure

Operating System: * *

Trait: 
{
  "version_exact": "22.3 r3"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: policy secure

Operating System: * *

Trait: 
{
  "version_exact": "22.6 r1"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: policy secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r8"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: policy secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r7"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: policy secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r2"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: policy secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r13.1"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: policy secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r9"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: policy secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r16"
}

Source: bdu

Type: Configuration

Vendor: ivanti

Product: policy secure

Operating System: * *

Trait: 
{
  "version_exact": "9.1 r4.2"
}

Source: bdu