16 matches found
PT-2024-25995 · W3C · Xml Signature Syntax/Processing
The W3C XML Signature Syntax and Processing XMLDsig specification, starting with 1.0, was originally published with a "RetrievalMethod is a URI ... that may be used to obtain key and/or certificate information" statement and no accompanying information about SSRF risks, and this may have...
Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware
At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN appliances. UNC5325 abused CVE-2024-21893 to deliver a wide range of new malware called LITTLELAMB.WOOLTE...
Ivanti Connect Secure Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ivanti Connect Secure Unauthenticated Remote Code Execution', 'Description' = %q This module chains a server side request forgery SSRF...
Ivanti Connect Secure Unauthenticated Remote Code Execution Exploit
This Metasploit module chains a server side request forgery SSRF vulnerability CVE-2024-21893 and a command injection vulnerability CVE-2024-21887 to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti Policy Secure, to achieve unauthenticated remote code execution. All current...
Ivanti Pulse Secure Found Using 11-Year-Old Linux Version and Outdated Libraries
A reverse engineering of the firmware running on Ivanti Pulse Secure appliances has revealed numerous weaknesses, once again underscoring the challenge of securing software supply chains. Eclypsiusm, which acquired firmware version 9.1.18.2-24467.1 as part of the process, said the base operating...
Chained Exploits, Stolen VPN Access: Hackers Target Ivanti Users Despite Patches
By Deeba Ahmed Zero-Day Nightmare: CVE-2024-21893 Exploits Surge in Attacks on Ivanti Products. This is a post from HackRead.com Read the original post: Chained Exploits, Stolen VPN Access: Hackers Target Ivanti Users Despite Patches...
Attacks, Vulnerabilities and Actors 29 January to 4 February 2024
For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of seven executed attacks, two instances of adversary activity, and six exploited...
Ivanti Policy Secure 9.x / 22.x SSRF-RCE Chain (CVE-2024-21893)
Binary data ivantipsssrfrceCVE-2024-21893.nbin...
Ivanti Policy Secure 9.x / 22.x SSRF (CVE-2024-21893)
Binary data ivantipsCVE-2024-21893.nbin...
Ivanti Connect Secure 9.x / 22.x SSRF-RCE Chain (CVE-2024-21893)
Binary data ivanticsssrfrceCVE-2024-21893.nbin...
Ivanti Connect Secure 9.x / 22.x SSRF (CVE-2024-21893)
Binary data ivanticsCVE-2024-21893.nbin...
CISA: Disconnect vulnerable Ivanti products TODAY
In an emergency directive, the Cybersecurity and Infrastructure Security Agency CISA has ordered all federal agencies to disconnect all instances of Ivanti Connect Secure and Policy Secure solution products from agency networks no later than 11:59PM on Friday February 2, 2024. Besides the Ivanti...
CVE-2024-21893
Technical details about CVE-2024-21893 are not provided in the connected documents. The initial description notes an SSRF vulnerability in Ivanti products, but there are no product/version specifics or remediation details here. Monitor for updates.
Alert: Ivanti Discloses 2 New Zero-Day Flaws, One Under Active Exploitation
Ivanti is alerting of two new high-severity flaws in its Connect Secure and Policy Secure products, one of which is said to have come under targeted exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-21888 CVSS score: 8.8 - A privilege escalation vulnerability in the w...
CVE-2024-21893
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure 9.x, 22.x and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication. Recent assessments: ccondon-r7 at February 02, 2024...
CVE-2024-21893
creationtimestamp| type| source ---|---|--- 2024-01-10 20:21:17+00:00| seen| https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus2/2024 2024-01-11 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1197 2024-01-11 11:25:20+00:00| seen|...