What is the CVSS score of CVE-2024-21887?

CVE-2024-21887 has a CVSS 3.1 base score of 9.1 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 94.4%.

Is there a public PoC exploit available for CVE-2024-21887?

Yes, a public proof-of-concept exploit is available for CVE-2024-21887. Prioritise patching immediately. EPSS: 94.4%.

How to fix or mitigate CVE-2024-21887?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Validate that input sanitization is in place for all user-controlled parameters.

CVE-2024-21887

CRITICAL

Command Injection (CWE-77)

2024-01-12 support@hackerone.com

9.1

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.1 CRITICAL

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 26, 2026 - 11:20 vuln.today

Added to CISA KEV

Oct 31, 2025 - 21:56 cisa

CISA KEV

PoC Detected

Oct 31, 2025 - 21:56 vuln.today

Public exploit code

CVE Published

Jan 12, 2024 - 17:15 nvd

CRITICAL 9.1

DescriptionCVE.org

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

AnalysisAI

Ivanti Connect Secure and Policy Secure contain an authenticated command injection in web components allowing administrators to execute arbitrary commands, chained with CVE-2023-46805 for unauthenticated RCE.

Technical ContextAI

The CWE-77 command injection in web management components allows injecting OS commands through specially crafted HTTP requests. While requiring admin authentication standalone, the chain with CVE-2023-46805 provides the authentication bypass needed for unauthenticated exploitation.

Affected ProductsAI

Ivanti Connect Secure 9.x and 22.x Ivanti Policy Secure 9.x and 22.x

RemediationAI

Apply Ivanti patches. Factory reset recommended before patching. Rotate all credentials that were accessible through the VPN appliance. Monitor for persistent access attempts.

CVE-2024-21887 vulnerability details – vuln.today

Back

CVE-2024-21887

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code