
Ivanti VPN Issues 2024 Jan-Feb

CVE-2023-46805 and CVE-2024-21887 - disclosed Wed, Jan 10

| Resource Type | Link | Notes |
|---|---|---|
| CVE | CVE-2023-46805 | Authentication Bypass |
| CVE | CVE-2024-21887 | Command Execution for Authn'd Admins |
| Vendor KB Article | KB-2023-46805-and-2024-21887 | |
| Exploit | Metasploit module | Chains together CVE-2023-46805 and CVE-2024-21887 |
| Blog Post | Ivanti Zero-day Vulnerabilities: CVE-2023-46805 & CVE-2024-21887 | Blog post by Caitlin Condon at Rapid7 |
| CISA Alert | Ivanti Releases Security Update for Connect Secure and Policy Secure Gateways | CISA Alert 2024/01/10 |

CVE-2024-21888 and CVE-2024-21893 - disclosed Wed, Jan 31

| Resource Type | Link | Notes |
|---|---|---|
| CVE | CVE-2024-21888 | Privilege escalation in web interface from user to administrator |
| CVE | CVE-2024-21893 | SSRF allowing user-level access without authentication |
| Vendor KB Article | KB-CVE-2024-21888-and-21893 | |
| Press | Ivanti patches two zero-days under attack, but finds another | TechCrunch piece on third and fourth vulns |
| CISA Directive | CISA Supplemental Direction V1: ED 24-01: Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities | CISA Supplemental Directive updated for third and fourth vulns |
| Press | All federal civilian agencies ordered to disconnect at-risk Ivanti products by Friday | The Record by Recorded Future News reporting on the CISA directive |

CVE-2024-22024 - disclosed Friday 2/9/24

| Resource Type | Link | Notes |
|---|---|---|
| Vendor KB | [CVE-2024-22024 (XXE) for Ivanti Connect Secure and Ivanti Policy Secure](https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure) | Ivanti Knowledge base article on fifth vulnerability |
| Tool | Check for CVE-2024-22024 vulnerability in Ivanti Connect Secure | Open Source unvetted Scanner for CVE-2024-22024 |
| Press | Ivanti: Patch new Connect Secure auth bypass bug immediately | Bleeping Computer article on CVE-2024-22024 |
| Press | Ivanti discloses fifth vulnerability, doesn't credit researchers who found it | Register article on fifth vulnerability |
| Discoverer | Ivanti Connect Secure CVE-2024-22024 - Are We Now Part Of Ivanti? | Watchtowr Labs article on discovering vuln |
| CVE | CVE-2024-22024 | Authentication Bypass via XXE in SAML |

Vulnerability Chart of Quick Links

| CVE Link | Type | Vendor KB |
|---|---|---|
| CVE-2023-46805 | Authentication Bypass | KB-2023-46805-and-2024-21887 |
| CVE-2024-21887 | Command Execution for Authn'd Admins | KB-2023-46805-and-2024-21887 |
| CVE-2024-21888 | Privilege escalation in web interface from user to administrator | KB-CVE-2024-21888-and-21893 |
| CVE-2024-21893 | SSRF allowing user-level access without authentication | KB-CVE-2024-21888-and-21893 |
| CVE-2024-22024 | Authentication Bypass via XXE in SAML | KB-CVE-2024-22024 |

Contributors

jaybeale
