{"vulnerability": "CVE-2024-37404", "sightings": [{"uuid": "4ee30fed-e5b5-48e5-967b-e2da68ce8d58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37404", "type": "seen", "source": "MISP/5c757488-3b44-49b3-b165-1bf341712117", "content": "", "creation_timestamp": "2024-11-22T11:07:13.000000Z"}, {"uuid": "b4d49431-c62e-4ef4-85b0-bbe191452436", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37404", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:46.000000Z"}, {"uuid": "a29dfc7c-2dda-4f32-89e1-bf382988cce5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37404", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:11:03.000000Z"}, {"uuid": "4559cd69-7228-47c5-bf1a-c11a3f5fba1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37404", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:03.000000Z"}, {"uuid": "e69f638d-48db-4184-a367-01c5a2a18edf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37404", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/ivanti_connect_secure_rce_cve_2024_37404.rb", "content": "", "creation_timestamp": "2024-12-04T16:32:08.000000Z"}, {"uuid": "673da837-1016-49d5-afce-018657853f84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-37404", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1395", "content": "", "creation_timestamp": "2024-10-10T04:00:00.000000Z"}, {"uuid": "c95fc63f-f4b0-4243-a229-f4feae727aff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37404", "type": "published-proof-of-concept", "source": "https://t.me/kasperskyb2b/1445", "content": "\u26a0\ufe0f \u041f\u043e\u0447\u0442\u0438 \u0444\u043b\u044d\u0448-\u0440\u043e\u044f\u043b\u044c: \u043f\u0430\u0442\u0447\u0438\u043c Fortinet, Palo Alto \u0438 Ivanti\n\n\u0421\u043b\u043e\u0436\u043d\u0430\u044f \u043d\u0435\u0434\u0435\u043b\u044c\u043a\u0430 \u0434\u043b\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u0439 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0430 \u0433\u043b\u0430\u0432\u043d\u043e\u0435 \u2014 \u0434\u043b\u044f \u0438\u0445 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432.\n\n\u0411\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u044c Palo Alto \u043f\u043e\u0441\u0432\u044f\u0449\u0451\u043d \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e \u043f\u044f\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 Palo Alto Networks Expedition, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432 \u043a\u043e\u043c\u0431\u0438\u043d\u0430\u0446\u0438\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u0430\u0440\u043e\u043b\u0438 \u0438 API-\u043a\u043b\u044e\u0447\u0438 \u043e\u0442 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 PAN-OS. \u0420\u0435\u0439\u0442\u0438\u043d\u0433 CVSS \u0434\u043b\u044f \u044d\u0442\u0438\u0445 CVE  \u0432\u0430\u0440\u044c\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043e\u0442 7 \u0434\u043e 9.9, \u043f\u043e\u0441\u043b\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u043e\u0432\u0430\u043d\u043e \u0441\u043c\u0435\u043d\u0438\u0442\u044c \u0432\u0441\u0435 \u043f\u0430\u0440\u043e\u043b\u0438 \u0438 API-\u043a\u043b\u044e\u0447\u0438. \u0421\u0430\u043c\u0438 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u044b\u0435 \u044d\u043a\u0440\u0430\u043d\u044b \u0434\u0435\u0444\u0435\u043a\u0442\u0430\u043c\u0438 \u043d\u0435 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b. \u0415\u0441\u0442\u044c \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0438 PoC, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438, \u0432\u0438\u0434\u0438\u043c\u043e, \u043d\u0435 \u0437\u0430 \u0433\u043e\u0440\u0430\u043c\u0438.\n\n\u0422\u0435\u043c \u0432\u0440\u0435\u043c\u0435\u043d\u0435\u043c CISA \u043e\u0431\u044a\u044f\u0432\u0438\u043b\u0430 \u043e \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 CVE-2024-23113, \u044d\u0442\u043e RCE \u0432 FortiOS \u0441 CVSS 9.8, \u0437\u0430\u043a\u0440\u044b\u0442\u0430\u044f \u0432 \u0444\u0435\u0432\u0440\u0430\u043b\u0435 \u0438 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u043d\u0430\u044f \u0432 \u0430\u043f\u0440\u0435\u043b\u0435. \u0417\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b FortiOS, FortiPAM, FortiProxy \u0438 FortiWeb. \u0410\u043c\u0435\u0440\u0438\u043a\u0430\u043d\u0441\u043a\u0438\u043c \u0433\u043e\u0441\u043e\u0440\u0433\u0430\u043d\u0430\u043c \u0432\u0435\u043b\u0435\u043d\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u0442\u0447\u0438 \u0438\u043b\u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442\u044c \u043c\u0438\u0442\u0438\u0433\u0430\u0446\u0438\u0438 \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 \u0442\u0440\u0451\u0445 \u043d\u0435\u0434\u0435\u043b\u044c, \u0432\u0441\u0435\u043c \u043e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u043c \u0442\u043e\u0436\u0435 \u0441\u0442\u043e\u0438\u0442 \u043f\u043e\u0442\u043e\u0440\u043e\u043f\u0438\u0442\u044c\u0441\u044f.\n\n\u041d\u0443 \u0430 Ivanti \u0441\u0442\u043e\u0439\u043a\u043e \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442 \u0438\u0434\u0442\u0438 \u043f\u0440\u0435\u0436\u043d\u0438\u043c \u043a\u0443\u0440\u0441\u043e\u043c, \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u0432 \u0432 \u043e\u043a\u0442\u044f\u0431\u0440\u0435 \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u044c \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445, \u0442\u0440\u0438 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0432 \u0441\u043e\u0447\u0435\u0442\u0430\u043d\u0438\u0438 \u0441 \u0437\u0438\u0440\u043e\u0434\u0435\u0435\u043c, \u0443\u0441\u0442\u0440\u0430\u043d\u0451\u043d\u043d\u044b\u043c \u0432 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u0435, \u0441\u043d\u043e\u0432\u0430 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445. \n\u0420\u0435\u0447\u044c \u043f\u0440\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438  \u0432  Ivanti Cloud Services Application  (CVE-2024-9379, -9380, -9388 \u043f\u043b\u044e\u0441 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0430\u044f CVE-2024-8963), \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432 \u043a\u043e\u043c\u0431\u0438\u043d\u0430\u0446\u0438\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434. \u0412\u0435\u043d\u0434\u043e\u0440 \u043f\u043e\u0434\u0447\u0435\u0440\u043a\u0438\u0432\u0430\u0435\u0442, \u0447\u0442\u043e \u043d\u0430 \u043b\u0438\u043d\u0435\u0439\u043a\u0435 CSA 5.0 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043d\u0435 \u043e\u0442\u043c\u0435\u0447\u0435\u043d\u043e, \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u044b \u0432\u0435\u0440\u0441\u0438\u0438 4.6.\n\u0420\u0435\u0430\u043b\u044c\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043d\u0435 \u0437\u0430\u044f\u0432\u043b\u0435\u043d\u043e \u0434\u043b\u044f \u0434\u0432\u0443\u0445 \u0434\u0440\u0443\u0433\u0438\u0445 \u043d\u0435\u043f\u0440\u0438\u044f\u0442\u043d\u044b\u0445 \u0434\u0435\u0444\u0435\u043a\u0442\u043e\u0432 \u2014 CVE-2024-7612 \u0432 Ivanti Endpoint Manager Mobile  (\u043d\u0435\u043f\u0440\u0430\u0432\u043e\u043c\u0435\u0440\u043d\u044b\u0435 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0432 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438, CVSS 8.8) \u0438 CVE-2024-37404 \u0432 Ivanti Connect Secure / Policy Secure  (RCE, CVSS 9.1).\n\n\u0422\u0435, \u043a\u0442\u043e \u043d\u0435 \u0438\u043c\u043f\u043e\u0440\u0442\u043e\u0437\u0430\u043c\u0435\u0449\u0430\u0435\u0442\u0441\u044f \u0434\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u043c\u0438\u043d\u0443\u0442\u044b, \u0443\u0436\u0435 \u0431\u0435\u0433\u0443\u0442 \u0438\u0441\u043a\u0430\u0442\u044c \u0430\u043f\u0434\u0435\u0439\u0442\u044b.\n\n#\u043d\u043e\u0432\u043e\u0441\u0442\u0438 #\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 @\u041f2\u0422", "creation_timestamp": "2024-10-10T10:01:33.000000Z"}, {"uuid": "fa62da96-240b-4ca3-a1bc-b4e47ec2ec3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37404", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/15627", "content": "\u200aCVE-2024-37404: Critical RCE Flaw Discovered in Ivanti Connect Secure &amp; Policy Secure, PoC Published\n\nhttps://securityonline.info/cve-2024-37404-critical-rce-flaw-discovered-in-ivanti-connect-secure-policy-secure-poc-published/", "creation_timestamp": "2024-10-10T09:20:28.000000Z"}, {"uuid": "7df1bc54-80a4-494b-b6ab-e170d0f4f94d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37404", "type": "seen", "source": "https://t.me/cvedetector/8349", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-37404 - Ivanti Connect Secure Arbitrary Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-37404 \nPublished : Oct. 18, 2024, 11:15 p.m. | 41\u00a0minutes ago \nDescription : Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution. \nSeverity: 9.1 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-19T02:06:52.000000Z"}, {"uuid": "7f825ef4-6e8d-45f6-be03-b0de6cc6dd94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37404", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/544", "content": "https://blog.amberwolf.com/blog/2024/october/cve-2024-37404-ivanti-connect-secure-authenticated-rce-via-openssl-crlf-injection/\n\nIvanti Connect Secure - Authenticated RCE via OpenSSL CRLF Injection (CVE-2024-37404)\n#\u5206\u6790 #poc", "creation_timestamp": "2024-10-13T14:10:12.000000Z"}, {"uuid": "80cdda78-6280-4aad-854a-c78baec04b31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37404", "type": "seen", "source": "https://t.me/ZeroDay_TM/891", "content": "Ivanti Connect Secure - Authenticated RCE via OpenSSL CRLF Injection (CVE-2024-37404)\n\n- Ivanti Connect Secure versions prior to 22.7R2.1 and 22.7R2.2, and Ivanti Policy Secure versions prior to 22.7R1.1, contain a CRLF injection vulnerability which could be exploited by an authenticated administrator to execute arbitrary code with root privileges.\n\nSearch Query:\nHUNTER:/product.name=\"Ivanti Connect Secure\"\nSHODAN: http.title:\"Ivanti Connect Secure\"\nFOFA: app=\"ivanti-Connect-Secure\"\n#RCE #CSRF #vulnerability\n-   -   -   -   -   -   -   -   -\n\u2022 @Old_Unclee\n\u2022 @ZeroDay_TM", "creation_timestamp": "2024-10-18T20:25:31.000000Z"}, {"uuid": "85833a47-70f1-4962-b17e-b8b9d9de83ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37404", "type": "seen", "source": "Telegram/H6htkkOSY2gU4oZNeFQKNEm1rHUkhbADYOIVaEkcZxyxQkFb", "content": "", "creation_timestamp": "2024-10-16T11:50:59.000000Z"}, {"uuid": "2075d746-5363-461f-989b-d3a43c3b083b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37404", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/3311", "content": "https://blog.amberwolf.com/blog/2024/october/cve-2024-37404-ivanti-connect-secure-authenticated-rce-via-openssl-crlf-injection/\n\nIvanti Connect Secure - Authenticated RCE via OpenSSL CRLF Injection (CVE-2024-37404)\n#\u5206\u6790 #poc", "creation_timestamp": "2024-10-13T05:08:04.000000Z"}, {"uuid": "1807e539-aa2c-4954-a909-b17b7f566776", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37404", "type": "published-proof-of-concept", "source": "Telegram/3iXwGwZ-k6vzL6K4nHtvrenTEAbklyMKBywg6IPFHgC9MX0", "content": "", "creation_timestamp": "2025-02-11T14:41:47.000000Z"}, {"uuid": "937032f0-41ec-4214-a521-922398d8dd7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37404", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11280", "content": "#exploit\n1. CVE-2024-42640:\nUnauthenticated RCE via Angular-Base64-Upload Library\nhttps://github.com/rvizx/CVE-2024-42640\n\n2. CVE-2024-37404:\nIvanti Connect Secure - Authenticated RCE via OpenSSL CRLF Injection\nhttps://blog.amberwolf.com/blog/2024/october/cve-2024-37404-ivanti-connect-secure-authenticated-rce-via-openssl-crlf-injection\n\n3. CVE-2023-52447:\nLinux Kernel BPF memory corruption\nhttps://github.com/google/security-research/tree/master/pocs/linux/kernelctf/CVE-2023-52447_cos", "creation_timestamp": "2024-10-14T17:10:12.000000Z"}, {"uuid": "b3972f9a-6548-400b-a3cb-887e27cfafa3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37404", "type": "published-proof-of-concept", "source": "https://t.me/god_of_server/4", "content": "#Exploit\n1. CVE-2024-42640:\nUnauthenticated RCE via Angular-Base64-Upload Library\nhttps://github.com/rvizx/CVE-2024-42640\n\n2. CVE-2024-37404:\nIvanti Connect Secure - Authenticated RCE via OpenSSL CRLF Injection\nhttps://blog.amberwolf.com/blog/2024/october/cve-2024-37404-ivanti-connect-secure-authenticated-rce-via-openssl-crlf-injection\n\n3. CVE-2023-52447:\nLinux Kernel BPF memory corruption\nhttps://github.com/google/security-research/tree/master/pocs/linux8 /kernelctf/CVE-2023-52447_cos\n\nHonestly, I've used that number 1 angular method is almost like node.js with rce. \ud83d\ude07", "creation_timestamp": "2024-10-24T06:17:45.000000Z"}, {"uuid": "1c1d50e0-c244-49f5-9e76-87c3434b7611", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37404", "type": "published-proof-of-concept", "source": "https://t.me/god_of_server/9", "content": "#exploit\n1. CVE-2024-42640:\nUnauthenticated RCE via Angular-Base64-Upload Library\nhttps://github.com/rvizx/CVE-2024-42640\n\n2. CVE-2024-37404:\nIvanti Connect Secure - Authenticated RCE via OpenSSL CRLF Injection\nhttps://blog.amberwolf.com/blog/2024/october/cve-2024-37404-ivanti-connect-secure-authenticated-rce-via-openssl-crlf-injection\n\n3. CVE-2023-52447:\nLinux Kernel BPF memory corruption\nhttps://github.com/google/security-research/tree/master/pocs/linux/kernelctf/CVE-2023-52447_cos\n\n\nGood luck bro ...", "creation_timestamp": "2024-10-26T13:59:22.000000Z"}]}