| Resource Type | Link | Notes |
|---|---|---|
| CVE | CVE-2023-46805 | Authentication Bypass |
| CVE | CVE-2024-21887 | Command Execution for Authn'd Admins |
| Vendor KB Article | KB-2023-46805-and-2024-21887 | |
| Exploit | Metasploit module | Chains together CVE-2023-46805 and CVE-2024-21887 |
| Blog Post | Ivanti Zero-day Vulnerabilities: CVE-2023-46805 & CVE-2024-21887 | Blog post by Caitlin Condon at Rapid7 |
| CISA Alert | Ivanti Releases Security Update for Connect Secure and Policy Secure Gateways | CISA Alert 2024/01/10 |
| Blog | Ivanti Connect Secure Exploited to Install Cryptominers | GreyNoise blog on vuln monetization via crytomining |
| Resource Type | Link | Notes |
|---|---|---|
| CVE | CVE-2024-21888 | Privilege escalation in web interface from user to administrator |
| CVE | CVE-2024-21893 | SSRF allowing user-level access without authentication |
| Vendor KB Article | KB-CVE-2024-21888-and-21893 | |
| Press | Ivanti patches two zero-days under attack, but finds another | TechCrunch piece on third and fourth vulns |
| CISA Directive | CISA Supplemental Direction V1: ED 24-01: Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities | CISA Supplemental Directive updated for third and fourth vulns |
| Press | All federal civilian agencies ordered to disconnect at-risk Ivanti products by Friday | The Record by RecordedF Future News reporting on the CISA directive |
| Resource Type | Link | Notes |
|---|---|---|
| Vendor KB | CVE-2024-22024 (XXE) for Ivanti Connect Secure and Ivanti Policy Secure | Ivanti Knowledge base article on fifth vulnerability |
| Exploit | Check for CVE-2024-22024 vulnerability in Ivanti Connect Secure | unvetted PoC for CVE-2024-22024 |
| Press | Ivanti: Patch new Connect Secure auth bypass bug immediately | Bleeping Computer article on CVE-2024-22024 |
| Press | Ivanti discloses fifth vulnerability, doesn't credit researchers who found it | Register article on fifth vulnerability |
| Discoverer | Ivanti Connect Secure CVE-2024-22024 - Are We Now Part Of Ivanti? | Watchtowr Labs article on discovering vuln |
| CVE | CVE-2024-22024 | Authentication Bypass via XXE in SAML |
| Press | Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor | Press re using CVE-2024-22024 to install the DSLog backdoor |
| Whitepaper / CERT Report | Ivanti Connect Secure: Journey to the core of the DSLog backdoor | Orange Cyberdefense paper on DSLog backdoor |
| CVE Link | Type | Vendor KB |
|---|---|---|
| CVE-2023-46805 | Authentication Bypass | KB-2023-46805-and-2024-21887 |
| CVE-2024-21887 | Command Execution for Authn'd Admins | KB-2023-46805-and-2024-21887 |
| CVE-2024-21888 | Privilege escalation in web interface from user to administrator | KB-CVE-2024-21888-and-21893 |
| CVE-2024-21893 | SSRF allowing user-level access without authentication | KB-CVE-2024-21888-and-21893 |
| CVE-2024-22024 | Authentication Bypass via XXE in SAML | KB-CVE-2024-22024 |