Share
## https://sploitus.com/exploit?id=SAINT:60BDA75642503EC398357486212FA6C7
Added: 01/18/2024  


### Background

Ivanti Connect Secure is a web-based remote access VPN. 

### Problem

An authentication bypass vulnerability and a command injection vulnerability when exploited together could allow a remote unauthenticated attacker to execute arbitrary commands. 

### Resolution

Apply the appropriate patch for your Ivanti product when available, or import the `mitigation.release.20240107.1.xml` file as a workaround. See the Ivanti knowledgebase article for more information. 

### References

https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways