Ivanti Connect Secure IFT_PREAUTH_INIT clientCapabilities Buffer Overflow Remote Code Execution Exploit

This module uses a stack-based buffer overflow vulnerability to deploy an agent on Ivanti Connect Secure that runs with the privileges of the nr user. First, the module checks whether the target is an Ivanti Connect Secure appliance. If it is, it determines whether the target is vulnerable by retrieving its version number using two different methods. Next, the module tries to leak the base address of the libdsplibs.so library. To do so, it registers a random endpoint on its local web server and then triggers the vulnerability repeatedly while brute-forcing the library's base address, attempting to execute a cURL command that sends a request to the registered endpoint. Once the base address of libdsplibs.so is known, the vulnerability is triggered one more time to deploy the agent.