Overview
A command injection vulnerability exists in the web components of Ivanti Connect Secure and Ivanti Policy Secure that allows authenticated administrators to execute arbitrary commands through unsanitized input. Exploitation requires administrator-level privileges. The vulnerability was disclosed on January 12, 2024. CISA has identified CVE-2024-21887 as exploited in the wild, and it is known to be used in ransomware campaigns.
Technical details
Ivanti Connect Secure and Ivanti Policy Secure contain a command injection vulnerability in their web components. The vulnerability is caused by insufficient input validation and sanitization of user-supplied data within web-based administrative interfaces. An authenticated administrator can leverage this flaw to inject arbitrary system commands that will be executed with the privileges of the web application process.
The vulnerability is classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')) and CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')).
The vulnerability received a CVSS v3.1 base score of 6.5 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating medium severity.
Impact
An authenticated administrator with malicious intent or compromised credentials could execute arbitrary system commands with the privileges of the application process. This could lead to complete system compromise, including data exfiltration, unauthorized modifications, system disruption, lateral movement within the network, and potential use as a pivot point for further attacks.
Mitigation and workarounds
Update to the patched versions: Connect Secure 9.1.17, 22.1.1 or later, or Policy Secure 9.1.17, 22.1.1 or later. Follow Ivanti's official update procedures available on their support portal. The following versions include the necessary fixes: Ivanti Connect Secure 9.1.17, Ivanti Connect Secure 22.1.1, Ivanti Policy Secure 9.1.17, Ivanti Policy Secure 22.1.1.
As temporary workarounds: restrict network access to the Ivanti Connect Secure and Policy Secure web administration interfaces to trusted administrative networks only, using firewall rules or network segmentation; implement strict access controls and monitor administrator account activity, reviewing audit logs regularly for suspicious command execution patterns; and disable non-essential administrative web components where possible, limiting administrator permissions to only those required for their role.
CISA recommendation: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional resources
Source: This report was generated by AI.