## https://sploitus.com/exploit?id=SAINT:CBB2F1CA8B177BA96AECA3D1FB0C7611
Added: 01/18/2024
### Background
[Ivanti Connect Secure](<https://www.ivanti.com/products/connect-secure-vpn>) is a web-based remote access VPN.
### Problem
An authentication bypass vulnerability and a command injection vulnerability when exploited together could allow a remote unauthenticated attacker to execute arbitrary commands.
### Resolution
Apply the appropriate patch for your Ivanti product when available, or import the `mitigation.release.20240107.1.xml` file as a workaround. See the [Ivanti knowledgebase article](<https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways>) for more information.
### References
<https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways>