Summary
Acunetix 360 identified a Out of Band Command Injection by capturing a DNS A request, which occurs when input data is interpreted as an operating system command.
This is a highly critical issue and should be addressed as soon as possible.
Impact
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
Remediation
Upgrade to the latest version of Ivanti Connect Secure / Policy Secure