Share
## https://sploitus.com/exploit?id=SAINT:44512A21413975FC3A5BC8290C582BF4
Added: 02/05/2024  


### Background

[Ivanti Connect Secure](<https://www.ivanti.com/products/connect-secure-vpn>) is a web-based remote access VPN. 

### Problem

A server-side request forgery vulnerability in the SAML component allows attackers to access restricted resources without authentication. This can lead to remote command execution when chained with other vulnerabilities. 

### Resolution

Apply the appropriate patch referenced in the [Ivanti Security Advisory](<https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure>). 

### References

<https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure>  


### Platforms

Linux