Ivanti ICS and IPS Command Injection – CVE-2024-2188

Severity: Critical

Invicti identified a Out of Band Command Injection by capturing a DNS A request, which occurs when input data is interpreted as an operating system command.

This is a highly critical issue and should be addressed as soon as possible.

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x)  allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
Upgrade to the latest version of Ivanti Connect Secure / Policy Secure

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works