da_667 on Nostr: ye gods, this is fucking wild. ...
ye gods, this is fucking wild.
https://blog.amberwolf.com/blog/2024/october/cve-2024-37404-ivanti-connect-secure-authenticated-rce-via-openssl-crlf-injection/
tl;dr: users can upload files to Ivanti devices. These are supposed to be zipped log files, but the upload script doesn't actually check that they're zip files, or zipped text files, so you can actually upload whatever you want. You can generate SSL CSRs, and inject CRLF to modify the SSL engine configuration, and point it to a file you uploaded to get RCE.
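The two checks the post says were missing, sketched as an added hardening example (not part of the original post and not Ivanti's code): confirm an upload really is a zip of text files, and refuse CSR field values that could start a new line in a generated OpenSSL config. The function names, the field allow-list and the size limit are assumptions.

```python
import io
import re
import zipfile

# Assumed allow-list of CSR subject fields and value characters (not from the post).
CSR_FIELDS = ("commonName", "organizationName", "countryName")
SAFE_VALUE = re.compile(r"[A-Za-z0-9 .,@_()-]{1,64}")


def validate_log_bundle(data: bytes, max_member_bytes: int = 5_000_000) -> list:
    """Return member names only if data is a zip archive of text files."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        raise ValueError("upload is not a zip archive")
    names = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.file_size > max_member_bytes:
                raise ValueError(f"{info.filename}: member too large")
            content = zf.read(info)
            try:
                content.decode("utf-8")
            except UnicodeDecodeError:
                raise ValueError(f"{info.filename}: not UTF-8 text") from None
            if b"\x00" in content:
                raise ValueError(f"{info.filename}: NUL byte, not text")
            names.append(info.filename)
    return names


def render_req_config(subject: dict) -> str:
    """Build an OpenSSL req config; a value can never start a new config line."""
    lines = ["[req]", "prompt = no", "distinguished_name = dn", "[dn]"]
    for key, value in subject.items():
        if key not in CSR_FIELDS:
            raise ValueError(f"unexpected field {key!r}")
        # fullmatch on the allow-list rejects CR, LF, backslash, '$' and '#'.
        if not SAFE_VALUE.fullmatch(value):
            raise ValueError(f"{key}: disallowed character or length")
        lines.append(f"{key} = {value}")
    return "\n".join(lines) + "\n"


def make_bundle(members: dict) -> bytes:
    """Constructed sample input: an in-memory zip of name -> bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()
```

Either check alone breaks the chain the post describes; validating only the file extension or only the `Content-Type` header would not.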