CVE-2024-21888

CVE Published	2024-01-31
Related Vendor(s)	ivanti
Related Product(s)	connect_secure, policy_secure
CVSS 3 Base Score	8.8 (HIGH)
CVSS 3 Attack Complexity	LOW
CVSS 3 Attack Vector	NETWORK

A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.

Cyber Threat Graph Context

Explore how this CVE relates to the wider threat graph

Threat Reports Related to CVE-2024-21888

Report

Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities - Check Point Research

This blog post from CheckPoint Research describes a campaign targeting Ivanti, Magento, Qlink Sense and possibly Apache ActiveMQ systems which ...

View Source

Report

Ivanti Connect Secure: Journey to the core of the DSLog backdoor

The CERT at Orange report on the exploitation of multiple vulnerabilities in Ivanti products. Following successful exploitation, the attackers ...

View Source

References

CVE.org

View more information about CVE-2024-21888 on the official MITRE CVE website.

NIST National Vulnerability Database

CVE-2024-21888 on the NIST NVD.