## https://sploitus.com/exploit?id=SAINT:60BDA75642503EC398357486212FA6C7
Added: 01/18/2024
### Background
Ivanti Connect Secure is a web-based remote access VPN.
### Problem
An authentication bypass vulnerability and a command injection vulnerability when exploited together could allow a remote unauthenticated attacker to execute arbitrary commands.
### Resolution
Apply the appropriate patch for your Ivanti product when available, or import the `mitigation.release.20240107.1.xml` file as a workaround. See the Ivanti knowledgebase article for more information.
### References
https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways