CVE-2024-21887

ENISA EUVD: EUVD-2024-19498
Exploited in the Wild · Confirmed 0-Day
Triaged: March 5, 2026 · 24 articles · Published: 2024-01-12

EPSS Score

Source: FIRST.org · 2026-05-23
94.44% probability
This CVE has a 94.44% probability of being exploited in the next 30 days.
Top 100.0th percentile of all CVEs

CVSS v3.0

Source: VulnerabilityLookup (CIRCL)
9.1 CRITICAL
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

Affected Products

Ivanti ICS: 9.1R18, 22.6R2
Ivanti IPS: 9.1R18, 22.6R1

Exploits & PoC

Chocapikk/CVE-2024-21887 (57 stars · 2026-01-08)
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated

duy-31/CVE-2023-46805_CVE-2024-21887 (23 stars · 2024-01-17)
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restri

seajaysec/Ivanti-Connect-Around-Scan (12 stars · 2024-02-03)
Mitigation validation utility for the Ivanti Connect Around attack chain. Runs multiple checks. CVE-2023-46805, CVE-2024-21887.

oways/ivanti-CVE-2024-21887 (7 stars · 2024-01-14)
POC Checker for ivanti CVE-2024-21887 Command injection

raminkarimkhani1996/CVE-2023-46805_CVE-2024-21887 (5 stars · 2024-03-23)
The script in this repository only checks whether the vulnerabilities specified in the Ivanti Connect Secure product exist.

Hexastrike/Ivanti-Connect-Secure-Logs-Parser (5 stars · 2025-01-19)
A Python script for examining Ivanti Secure Connect (ICS) event logs, designed to support investigations into vulnerabilities CVE-2025-0282, CVE-2023-

rxwx/pulse-meter (1 star · 2025-02-13)
Parses the System Snapshot from an Ivanti Connect Secure appliance to identify possible IOCs related to CVE-2023-46805, CVE-2024-21887 and CVE-2025-0

pwniel/ivanti_shell (0 stars · 2024-02-24)
CVE-2024-21887 Exploitation with Ngrok Reverse Shell

8 repos, sorted by stars

Signal Intelligence

Confidence 95%
EPSS 94.44%
CVSS v3.0 9.1
Mentions 24
Last Seen Dec 17, 2025

CNA Information

CNA Assigner
hackerone

Analyst Note

CVE-2024-21887 is explicitly named as a zero-day in multiple authoritative sources (BleepingComputer) with clear evidence of active exploitation in the wild before patch availability. Ivanti issued warnings and CISA issued an emergency directive, confirming exploitation preceded patch release in early 2024.

Threat Actors 56

Lazarus Group
apt_group Information theft and espionage 🇰🇵 KP
Turla Group
apt_group Information theft and espionage Russian Federation
APT 29
apt_group Information theft and espionage 🇷🇺 RU
DarkHotel
apt_group Information theft and espionage 🇰🇷 KR
APT27
apt_group Information theft and espionage 🇨🇳 CN
Cobalt
apt_group Financial crime 🇷🇺 RU
APT 28
apt_group Information theft and espionage 🇷🇺 RU
Kimsuky
apt_group Information theft and espionage 🇰🇷 KR
EMISSARY PANDA
apt_group Information theft and espionage 🇨🇳 CN
Harvester
apt_group Information theft and espionage Unknown
Hacking Team
apt_group 🇮🇹 IT
GhostEmperor
apt_group Information theft and espionage 🇨🇳 CN
SCATTERED SPIDER
apt_group Financial crime 🇺🇸 US
Tick
apt_group Information theft and espionage 🇨🇳 CN
APT3
apt_group Information theft and espionage 🇨🇳 CN
ELECTRUM
apt_group Information theft and espionage 🇷🇺 RU
Infy
apt_group Information theft and espionage 🇮🇷 IR
Volt Typhoon
apt_group Information theft and espionage 🇨🇳 CN
SideCopy
apt_group Information theft and espionage 🇵🇰 PK
APT35
apt_group Information theft and espionage 🇮🇷 IR
ArcaneDoor
apt_group 🇨🇳 CN
TA428
apt_group Information theft and espionage 🇨🇳 CN
APT42
apt_group Information theft and espionage 🇮🇷 IR
SideWinder
apt_group 🇮🇳 IN
RAZOR TIGER
apt_group Information theft and espionage 🇮🇳 IN
[Unnamed group]
apt_group 🇨🇳 CN
FamousSparrow
apt_group Information theft and espionage 🇨🇳 CN
RomCom
apt_group Financial gain 🇷🇺 RU
HAFNIUM
apt_group Information theft and espionage 🇨🇳 CN
Fox Kitten
apt_group Information theft and espionage 🇮🇷 IR
UTA0178
apt_group Information theft and espionage 🇨🇳 CN
APT 22
apt_group Information theft and espionage 🇨🇳 CN
Flax Typhoon
apt_group Information theft and espionage 🇨🇳 CN
Operation Cobalt Whisper
apt_group Financial crime 🇨🇳 CN
Rocke
apt_group 🇨🇳 CN
Void Rabisu
apt_group Financial gain 🇷🇺 RU
UNC4841
apt_group Information theft and espionage 🇨🇳 CN
APT 6
apt_group Information theft and espionage 🇨🇳 CN
UAC-0184
apt_group 🇺🇦 UA
Red Dev 17
apt_group 🇨🇳 CN
Red October
apt_group 🇷🇺 RU
Operation Red Signature
apt_group Information theft and espionage 🇨🇳 CN
Patched Lightning
apt_group 🇬🇭 GH
TA2552
apt_group Information theft and espionage 🇮🇷 IR
Magic Kitten
apt_group Information theft and espionage 🇮🇷 IR
Shadow Network
apt_group Information theft and espionage 🇨🇳 CN
Mana Team
apt_group 🇨🇳 CN
Iron Group
apt_group Information theft and espionage 🇨🇳 CN
UNC5337
apt_group 🇨🇳 CN
Operation Shadow Force
apt_group 🇨🇳 CN
Sabre Panda
apt_group 🇨🇳 CN
Operation Dragon Castling
apt_group Information theft and espionage 🇨🇳 CN
Big Panda
apt_group 🇨🇳 CN
APT 5
apt_group Information theft and espionage 🇨🇳 CN
Beijing Group
apt_group Information theft and espionage 🇨🇳 CN
Operation Black Atlas
apt_group Financial crime

Triage Info

Decided at: Mar 05, 2026
Published Date: Jan 12, 2024