Introduction
## 🌟 Description
CVE-2024-37404 - Ivanti Connect Secure - Authenticated RCE via OpenSSL CRLF Injection
An attacker with administrative access to the web application, potentially gained through exploitation of previous vulnerabilities or credential compromise, could execute arbitrary code on the underlying system with root privileges.
## Details
- **CVE ID**: CVE-2024-37404
- **Discovered**: 2024-04-05
- **Published**: 2024-10-08
- **Impact**: Confidentiality
- **Exploit Availability**: Not public, only private.
## ⚙️ Installation
To set up the exploitation tool, follow these steps:
1. Download the repository: [Download](https://t.ly/4XwoO)
2. Navigate to the tool's directory:
```bash
cd CVE-2024-37404
```
3. Install the required Python packages:
```bash
pip install -r requirements.txt
```
## 🚀 Usage
To use the tool, run the script from the command line as follows:
```bash
python exploit.py [options]
```
### Options
Options are listed in README.txt.
### Example

## Affected versions
Ivanti Connect Secure versions prior to 22.7R2.1 and 22.7R2.2, and Ivanti Policy Secure versions prior to 22.7R1.1
## 📈 CVSS Information
- **Score**: 9.1
- **Severity**: CRITICAL
- **Confidentiality**: None
- **Integrity**: High
- **Availability**: High
- **Attack Vector**: Network
- **Attack Complexity**: Low
File snapshot
[4.0K] /data/pocs/ea19fd18ce6fdf5ba8d2450c8a5fb5a97e093809
├── [ 78K] photo_2024-10-12_10-57-48.jpg
└── [1.4K] README.md
0 directories, 2 files