## https://sploitus.com/exploit?id=SAINT:CBB2F1CA8B177BA96AECA3D1FB0C7611
Added: 01/18/2024  


### Background

[Ivanti Connect Secure](<https://www.ivanti.com/products/connect-secure-vpn>) is a web-based remote access VPN. 

### Problem

An authentication bypass vulnerability and a command injection vulnerability, when exploited together, could allow a remote unauthenticated attacker to execute arbitrary commands. 

### Resolution

Apply the appropriate patch for your Ivanti product when available, or import the `mitigation.release.20240107.1.xml` file as a workaround. See the [Ivanti knowledgebase article](<https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways>) for more information. 

### References

<https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways>