Iran – 🔥CVE-2024-22024 : Ivanti Connect Secure 9.x, 22.x & Ivanti Policy Secure 9.x, 22.x & ZTA Gateways 22.6R1.3 ‘SAML Component’ – Unauthenticated XML External Entity (XXE)
🟢POC N/A : https://github.com/0dteam/CVE-2024-22024
🔥CVE-2023-46805 : Ivanti Connect Secure 9.x, 22.x & Ivanti Policy Secure 9.x, 22.x ‘Web Component’ – Authentication Bypass
🟢SCAN : https://github.com/Chocapikk/CVE-2023-46805
🔥CVE-2024-21887 : Ivanti Connect Secure 9.x, 22.x & Ivanti Policy Secure 9.x, 22.x ‘Web Component’ – (Authenticated Administrator) Arbitrary Command Execution
🟢POC N/A : https://github.com/imhunterand/CVE-2024-21887
🤩High Signal Detection and Exploitation of Ivanti’s Pulse Connect Secure Auth Bypass & RCE
➡️Blog : https://www.assetnote.io/resources/research/high-signal-detection-and-exploitation-of-ivantis-pulse-connect-secure-auth-bypass-rce
// APT IRAN
