Lucene search
+L

23 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 10:48 a.m.17 views

CVE-2024-21887

A command injection vulnerability in web components of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure 9.x, 22.x allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance...

9.1CVSS8.9AI score0.99999EPSS
Exploits18References1
The Hacker News
The Hacker News
added 2024/04/22 11:5 a.m.64 views

MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws

The MITRE Corporation revealed that it was the target of a nation-state cyber attack that exploited two zero-day flaws in Ivanti Connect Secure appliances starting in January 2024. The intrusion led to the compromise of its Networked Experimentation, Research, and Virtualization Environment NERVE...

9.1CVSS9.7AI score0.99999EPSS
Exploits23
The Hacker News
The Hacker News
added 2024/02/29 5:49 a.m.71 views

Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware

At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN appliances. UNC5325 abused CVE-2024-21893 to deliver a wide range of new malware called LITTLELAMB.WOOLTE...

9.1CVSS8.4AI score0.99999EPSS
Exploits19
0day.today
0day.today
added 2024/02/21 12:0 a.m.504 views

Ivanti Connect Secure Unauthenticated Remote Code Execution Exploit

This Metasploit module chains a server side request forgery SSRF vulnerability CVE-2024-21893 and a command injection vulnerability CVE-2024-21887 to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti Policy Secure, to achieve unauthenticated remote code execution. All current...

9.1CVSS8.7AI score0.99999EPSS
Exploits26
Packet Storm
Packet Storm
added 2024/02/21 12:0 a.m.781 views

Ivanti Connect Secure Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ivanti Connect Secure Unauthenticated Remote Code Execution', 'Description' = %q This module chains a server side request forgery SSRF...

9.1CVSS7.4AI score0.99999EPSS
Exploits26
The Hacker News
The Hacker News
added 2024/02/15 2:20 p.m.84 views

Ivanti Pulse Secure Found Using 11-Year-Old Linux Version and Outdated Libraries

A reverse engineering of the firmware running on Ivanti Pulse Secure appliances has revealed numerous weaknesses, once again underscoring the challenge of securing software supply chains. Eclypsiusm, which acquired firmware version 9.1.18.2-24467.1 as part of the process, said the base operating...

9.1CVSS7.3AI score0.99999EPSS
Exploits25
Malwarebytes
Malwarebytes
added 2024/02/02 2:18 p.m.47 views

CISA: Disconnect vulnerable Ivanti products TODAY

In an emergency directive, the Cybersecurity and Infrastructure Security Agency CISA has ordered all federal agencies to disconnect all instances of Ivanti Connect Secure and Policy Secure solution products from agency networks no later than 11:59PM on Friday February 2, 2024. Besides the Ivanti...

6.5CVSS7.3AI score0.99999EPSS
Exploits26
Tenable Nessus
Tenable Nessus
added 2024/02/02 12:0 a.m.34 views

Ivanti Policy Secure 9.x / 22.x Command Injection Vulnerability (CVE-2024-21887)

Binary data ivantipsCVE-2024-21887.nbin...

9.1CVSS9.8AI score0.99999EPSS
Exploits18References2
Tenable Nessus
Tenable Nessus
added 2024/02/02 12:0 a.m.42 views

Ivanti Connect Secure 9.x / 22.x Command Injection Vulnerability (CVE-2024-21887)

Binary data ivanticsCVE-2024-21887.nbin...

9.1CVSS9.8AI score0.99999EPSS
Exploits18References2
The Hacker News
The Hacker News
added 2024/01/31 7:23 a.m.66 views

Hackers Exploiting Ivanti VPN Flaws to Deploy KrustyLoader Malware

A pair of recently disclosed zero-day flaws in Ivanti Connect Secure ICS virtual private network VPN devices have been exploited to deliver a Rust-based payload called KrustyLoader that's used to drop the open-source Sliver adversary simulation tool. The security vulnerabilities, tracked as...

9.1CVSS8.4AI score0.99999EPSS
Exploits23
Packet Storm
Packet Storm
added 2024/01/22 12:0 a.m.482 views

Ivanti Connect Secure Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ivanti Connect Secure Unauthenticated Remote Code Execution', 'Description' = %q This module chains an authentication bypass vulnerability...

9.1CVSS7.4AI score0.99999EPSS
Exploits23
0day.today
0day.today
added 2024/01/22 12:0 a.m.495 views

Ivanti Connect Secure Unauthenticated Remote Code Execution Exploit

This Metasploit module chains an authentication bypass vulnerability and a command injection vulnerability to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti Policy Secure, to achieve unauthenticated remote code execution. All currently supported versions 9.x and 22.x prior...

9.1CVSS8.8AI score0.99999EPSS
Exploits23
Metasploit
Metasploit
added 2024/01/20 7:51 p.m.381 views

Ivanti Connect Secure Unauthenticated Remote Code Execution

This module chains an authentication bypass vulnerability CVE-2023-46805 and a command injection vulnerability CVE-2024-21887 to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti Policy Secure, to achieve unauthenticated remote code execution. All currently supported versions...

9.1CVSS9.1AI score0.99999EPSS
Exploits23
GithubExploit
GithubExploit
added 2024/01/20 7:15 p.m.483 views

Exploit for Command Injection in Ivanti Connect_Secure

🚨 CVE-2024-21887 Exploit Tool 🛠️ A robust tool for detecting...

9.1CVSS10AI score0.99999EPSS
Exploits18
GithubExploit
GithubExploit
added 2024/01/16 7:40 p.m.139 views

Exploit for Improper Authentication in Ivanti Connect_Secure

CVE-2023-46805 An authentication bypass vulnerability in the w...

9.1CVSS9.8AI score0.99999EPSS
Exploits23
NVD
NVD
added 2024/01/12 5:15 p.m.37 views

CVE-2024-21887

A command injection vulnerability in web components of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure 9.x, 22.x allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance...

9.1CVSS9.6AI score0.99999EPSS
Exploits18References3
Vulnrichment
Vulnrichment
added 2024/01/12 5:2 p.m.15 views

CVE-2024-21887

A command injection vulnerability in web components of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure 9.x, 22.x allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance...

9.1CVSS8.1AI score0.99999EPSS
Exploits18References2
CVE
CVE
added 2024/01/12 5:2 p.m.718 views

CVE-2024-21887

CVE-2024-21887 is a command-injection vulnerability in Ivanti Connect Secure and Ivanti Policy Secure web components (9.x, 22.x) that allows an authenticated administrator to craft requests and execute arbitrary commands on the device. The issue affects web components and is tied to OS command-in...

9.1CVSS9.4AI score0.99999EPSS
In wildExploits18References3Affected Software2
ATTACKERKB
ATTACKERKB
added 2024/01/12 12:0 a.m.60 views

CVE-2024-21887

A command injection vulnerability in web components of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure 9.x, 22.x allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance. Recent assessments: cbeek-r7 at January 11, 2024...

9.1CVSS9.7AI score0.99999EPSS
In wildExploits23References5
Qualys Blog
Qualys Blog
added 2024/01/11 9:54 p.m.68 views

Dual Zero-Day Threats in Ivanti Connect Secure and Policy Secure Gateways – CVE-2023-46805 and CVE-2024-21887

In recent and alarming cybersecurity developments, Volexity researchers have discovered that attackers are exploiting two distinct zero-day vulnerabilities in a coordinated manner to enable unauthenticated remote code execution RCE. These vulnerabilities are identified as CVE-2023-46805 and...

6.4CVSS9.4AI score0.99999EPSS
Exploits23
Rows per page
Query Builder