Lucene search
+L

17 matches found

The Hacker News
The Hacker News
added 2024/04/22 11:5 a.m.64 views

MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws

The MITRE Corporation revealed that it was the target of a nation-state cyber attack that exploited two zero-day flaws in Ivanti Connect Secure appliances starting in January 2024. The intrusion led to the compromise of its Networked Experimentation, Research, and Virtualization Environment NERVE...

9.1CVSS9.7AI score0.99999EPSS
Exploits23
The Hacker News
The Hacker News
added 2024/02/15 2:20 p.m.84 views

Ivanti Pulse Secure Found Using 11-Year-Old Linux Version and Outdated Libraries

A reverse engineering of the firmware running on Ivanti Pulse Secure appliances has revealed numerous weaknesses, once again underscoring the challenge of securing software supply chains. Eclypsiusm, which acquired firmware version 9.1.18.2-24467.1 as part of the process, said the base operating...

9.1CVSS7.3AI score0.99999EPSS
Exploits25
Malwarebytes
Malwarebytes
added 2024/02/02 2:18 p.m.47 views

CISA: Disconnect vulnerable Ivanti products TODAY

In an emergency directive, the Cybersecurity and Infrastructure Security Agency CISA has ordered all federal agencies to disconnect all instances of Ivanti Connect Secure and Policy Secure solution products from agency networks no later than 11:59PM on Friday February 2, 2024. Besides the Ivanti...

6.5CVSS7.3AI score0.99999EPSS
Exploits26
Tenable Nessus
Tenable Nessus
added 2024/02/02 12:0 a.m.46 views

Ivanti Policy Secure 9.x / 22.x Authentication Bypass Vulnerability (CVE-2023-46805)

Binary data ivantipsCVE-2023-46805.nbin...

8.2CVSS9.3AI score0.99986EPSS
Exploits17References2
Tenable Nessus
Tenable Nessus
added 2024/02/02 12:0 a.m.42 views

Ivanti Connect Secure 9.x / 22.x Authentication Bypass Vulnerability (CVE-2023-46805)

Binary data ivanticsCVE-2023-46805.nbin...

8.2CVSS9.3AI score0.99986EPSS
Exploits17References2
The Hacker News
The Hacker News
added 2024/01/31 7:23 a.m.66 views

Hackers Exploiting Ivanti VPN Flaws to Deploy KrustyLoader Malware

A pair of recently disclosed zero-day flaws in Ivanti Connect Secure ICS virtual private network VPN devices have been exploited to deliver a Rust-based payload called KrustyLoader that's used to drop the open-source Sliver adversary simulation tool. The security vulnerabilities, tracked as...

9.1CVSS8.4AI score0.99999EPSS
Exploits23
GithubExploit
GithubExploit
added 2024/01/25 2:53 p.m.349 views

Exploit for Improper Authentication in Ivanti Connect_Secure

PoC exploit for CVE-2023-46805, an RCE vulnerability in Ivanti...

8.2CVSS9.8AI score0.99986EPSS
Exploits17
Packet Storm
Packet Storm
added 2024/01/22 12:0 a.m.482 views

Ivanti Connect Secure Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ivanti Connect Secure Unauthenticated Remote Code Execution', 'Description' = %q This module chains an authentication bypass vulnerability...

9.1CVSS7.4AI score0.99999EPSS
Exploits23
0day.today
0day.today
added 2024/01/22 12:0 a.m.495 views

Ivanti Connect Secure Unauthenticated Remote Code Execution Exploit

This Metasploit module chains an authentication bypass vulnerability and a command injection vulnerability to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti Policy Secure, to achieve unauthenticated remote code execution. All currently supported versions 9.x and 22.x prior...

9.1CVSS8.8AI score0.99999EPSS
Exploits23
Metasploit
Metasploit
added 2024/01/20 7:51 p.m.381 views

Ivanti Connect Secure Unauthenticated Remote Code Execution

This module chains an authentication bypass vulnerability CVE-2023-46805 and a command injection vulnerability CVE-2024-21887 to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti Policy Secure, to achieve unauthenticated remote code execution. All currently supported versions...

9.1CVSS9.1AI score0.99999EPSS
Exploits23
GithubExploit
GithubExploit
added 2024/01/16 7:40 p.m.139 views

Exploit for Improper Authentication in Ivanti Connect_Secure

CVE-2023-46805 An authentication bypass vulnerability in the w...

9.1CVSS9.8AI score0.99999EPSS
Exploits23
GithubExploit
GithubExploit
added 2024/01/16 8:5 a.m.96 views

Exploit for Improper Authentication in Ivanti Connect_Secure

19/01/2024 Update Updated with the latest info bas...

8.2CVSS6.9AI score0.99986EPSS
Exploits17
CVE
CVE
added 2024/01/12 5:2 p.m.735 views

CVE-2023-46805

CVE-2023-46805 describes an authentication bypass in the web component of Ivanti Connect Secure (ICS) and Ivanti Policy Secure gateways (9.x and 22.x). The vulnerability allows an unauthenticated or improperly authenticated actor to access restricted resources by bypassing access controls, per CV...

8.2CVSS8.9AI score0.99986EPSS
In wildExploits17References3Affected Software2
Qualys Blog
Qualys Blog
added 2024/01/11 9:54 p.m.68 views

Dual Zero-Day Threats in Ivanti Connect Secure and Policy Secure Gateways – CVE-2023-46805 and CVE-2024-21887

In recent and alarming cybersecurity developments, Volexity researchers have discovered that attackers are exploiting two distinct zero-day vulnerabilities in a coordinated manner to enable unauthenticated remote code execution RCE. These vulnerabilities are identified as CVE-2023-46805 and...

6.4CVSS9.4AI score0.99999EPSS
Exploits23
Circl
Circl
added 2024/01/10 8:21 p.m.14 views

CVE-2023-46805

creationtimestamp| type| source ---|---|--- 2024-01-10 20:21:17+00:00| seen| https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus2/2024 2024-01-10 23:16:36+00:00| seen| https://t.me/ctinow/166193 2024-01-11 00:10:02+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 2024-01-11...

8.2CVSS8.6AI score0.99986EPSS
In wildExploits17References85
Ivanti
Ivanti
added 2024/01/10 5:48 p.m.14 views

CVE-2023-46805 (Authentication Bypass) & CVE-2024-21887 (Command Injection) for Ivanti Connect Secure and Ivanti Policy Secure Gateways

DESCRIPTION: Vulnerabilities have been discovered in Ivanti Connect Secure ICS, formerly known as Pulse Connect Secure and Ivanti Policy Secure gateways. These vulnerabilities impact all supported versions – Version 9.x and 22.x refer to Granular Software Release EOL Timelines and Support Matrix...

9.1CVSS10AI score0.99999EPSS
Exploits23
CISA KEV Catalog
CISA KEV Catalog
added 2024/01/10 12:0 a.m.89 views

Ivanti Connect Secure and Policy Secure Command Injection Vulnerability

Ivanti Connect Secure ICS, formerly known as Pulse Connect Secure and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, which can allow an authenticated administrator to send crafted requests to execute code on affected appliances. This...

9.1CVSS7.9AI score0.99999EPSS
In wildExploits23
Rows per page
Query Builder