Will Dormann on Nostr: This is great stuff. Ivanti Connect Secure CVE-2023-46805: You can access resources ...
This is great stuff.
Ivanti Connect Secure CVE-2023-46805: You can access resources by prefixing with any number of no-auth resources and directory traversal to where you want to go.
CVE-2024-21887: Command injection with certain targets.
Paying customers can mitigate the former.
https://attackerkb.com/topics/AdUh6by52K/cve-2023-46805/rapid7-analysis
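The pattern described in the post above (a no-auth prefix followed by directory traversal), seen from the detection side as an added example that is not part of the original post or the linked analysis: it flags requests whose raw path matches an auth-exempt prefix while the canonical path does not. The prefixes in `NO_AUTH_PREFIXES` and the log format are constructed assumptions, not the product's real endpoints.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical auth-exempt prefixes (assumption, not the product's real list).
NO_AUTH_PREFIXES = ("/public/", "/login/")

def canonical_path(raw_target: str) -> str:
    """Drop the query, undo (possibly nested) percent-encoding, resolve '..'."""
    path = raw_target.split("?", 1)[0]
    for _ in range(3):  # bounded loop: also resolves double-encoded %252e%252e
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = "/" + path.replace("\\", "/").lstrip("/")
    return posixpath.normpath(path)

def is_exempt(path: str) -> bool:
    """True when the path sits under one of the auth-exempt prefixes."""
    return any((path.rstrip("/") + "/").startswith(p) for p in NO_AUTH_PREFIXES)

def auth_bypass_suspect(raw_target: str) -> bool:
    """Raw path looks auth-exempt, but the resolved path is not."""
    raw_path = raw_target.split("?", 1)[0]
    return is_exempt(raw_path) and not is_exempt(canonical_path(raw_target))

def scan(lines):
    """Return request targets from 'METHOD TARGET STATUS' lines that look suspect."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) == 3 and auth_bypass_suspect(parts[1]):
            hits.append(parts[1])
    return hits

# Constructed sample log lines, not captured traffic.
SAMPLE_LOG = [
    "GET /public/css/site.css 200",
    "GET /public/img/../css/site.css 200",      # traversal stays inside the prefix
    "GET /public/../admin/users 200",
    "POST /login/%2e%2e/api/config?x=1 200",
    "GET /public/x/..%2f..%2fadmin/users 200",
    "GET /login/%252e%252e/api/config 200",
    "GET /admin/users 401",                     # no exempt prefix: normal auth applies
]

if __name__ == "__main__":
    for target in scan(SAMPLE_LOG):
        print("suspect:", target)
```

The same comparison works as a control: make the authorization decision on the output of `canonical_path`, never on the raw request string.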