| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2024-21887 | Ivanti Connect Secure and Policy Secure Command Injection Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
This vulnerability is exploited through a command injection weakness in the web components of Ivanti Connect Secure and Ivanti Policy Secure. Attackers leverage this vulnerability to achieve remote code execution by sending specially crafted requests to vulnerable instances, potentially without requiring authentication when combined with other vulnerabilities. This manipulation allows attackers to execute arbitrary commands on the appliance, potentially enabling further exploitation and system compromise.
References
|
| CVE-2024-21887 | Ivanti Connect Secure and Policy Secure Command Injection Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application |
Comments
This vulnerability is exploited through a command injection weakness in the web components of Ivanti Connect Secure and Ivanti Policy Secure. Attackers leverage this vulnerability to achieve remote code execution by sending specially crafted requests to vulnerable instances, potentially without requiring authentication when combined with other vulnerabilities. This manipulation allows attackers to execute arbitrary commands on the appliance, potentially enabling further exploitation and system compromise.
References
|