CVE-2024-21888

Severity: High · Exploited in the wild

Ivanti Connect Secure 9.x, 22.x and Policy Secure 9.x, 22.x - Privilege Escalation

Title source: llm

Exploitation Summary

CVE-2024-21888 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit, by sfewer-r7: the Metasploit module exploits/linux/http/ivanti_connect_secure_rce_cve_2024_21893. Note that, as its name and its own description state, this module targets CVE-2024-21893 chained with CVE-2024-21887, not the privilege escalation described by this CVE; treat the exploit count here as an association with the related exploit chain rather than as evidence of a public proof of concept for CVE-2024-21888 itself.

AI-analyzed exploit summary: This Metasploit module chains an SSRF vulnerability (CVE-2024-21893) with a command injection vulnerability (CVE-2024-21887) to achieve unauthenticated remote code execution on Ivanti Connect Secure and Ivanti Policy Secure. It reaches a Python backend service through a crafted SOAP request whose KeyInfo element carries an attacker-controlled URI.

Description

A privilege escalation vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.

Exploits (1)

Metasploit module (Ruby PoC) · working PoC · rated excellent
by sfewer-r7
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/ivanti_connect_secure_rce_cve_2024_21893.rb


Classification (of the tracked module, which targets the CVE-2024-21893/CVE-2024-21887 chain; CVE-2024-21888 itself is a privilege escalation that requires an authenticated user, consistent with PR:L in its CVSS vector)
Working PoC: 100%
Attack type: RCE
Complexity: moderate
Reliability: reliable
Target: Ivanti Connect Secure, Ivanti Policy Secure (versions 9.x and 22.x prior to the Feb 1, 2024 patch)
Authentication: none needed
Prerequisites: network access to the target; target running a vulnerable version of Ivanti Connect Secure or Policy Secure
Analysis: devstral-2, Apr 22, 2026

Scores

CVSS v3.1 base score: 8.8 (High)
EPSS: 0.6126 (percentile 98.4%)
Attack vector: Network
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC (Vulnrichment)

Exploitation: none
Automatable: no
Technical impact: total

The SSVC exploitation value reflects CISA's enrichment at the time it was recorded; VulnCheck KEV separately records in-the-wild exploitation of this CVE (see Details), so do not read "none" here as the current state.

Details

VulnCheck KEV: added 2024-02-29
CWE: CWE-269 (Improper Privilege Management)
Status: published
Products (5):
  ivanti/connect_secure 9.0 (13 CPE variants)
  ivanti/connect_secure 9.1 r1 (34 CPE variants)
  ivanti/connect_secure 21.9 r1
  ivanti/connect_secure 21.12 r1
  ivanti/connect_secure 22.1 r1
Published: Jan 31, 2024
Tracked since: Feb 18, 2026