This module chains together three vulnerabilities to deploy a Core Impact agent with root privileges. First vulnerability CVE-2023-46805 is used to obtain the exact version of Ivanti Connect Secure installed on the system. Next, the module exploits a second vulnerability CVE-2024-21893 that allows the attacker to access certain restricted resources without authentication, leveraging a flaw in the SAML component. Finally, the module uses a third vulnerability CVE-2024-21887 that enables remote code execution with elevated privileges in the management component, facilitating the injection and execution of the Core Impact agent with root privileges. Also this update fixes a duplicated CVE in the Module Output
CVE Link
Exploit Platform
Exploit Type
Product Name