module
Ivanti Connect Secure Authenticated Remote Code Execution via OpenSSL CRLF Injection
| Disclosed |
|---|
| 2024-10-08 |
Disclosed
2024-10-08
Description
This module exploits a CRLF injection vulnerability in Ivanti Connect
Secure to achieve remote code execution (CVE-2024-37404). Versions
prior to 22.7R2.1 are vulnerable. Note that Ivanti Policy Secure
versions prior to 22.7R1.1 are also vulnerable but this module
doesn't support this software.
Valid administrative credentials are required. A non-administrative
user is also required and can be created using the administrative
account, if needed.
Secure to achieve remote code execution (CVE-2024-37404). Versions
prior to 22.7R2.1 are vulnerable. Note that Ivanti Policy Secure
versions prior to 22.7R1.1 are also vulnerable but this module
doesn't support this software.
Valid administrative credentials are required. A non-administrative
user is also required and can be created using the administrative
account, if needed.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.