An authenticated user can exploit a command injection vulnerability in the web components of Ivanti Connect Secure (9.x and 22.x) to execute arbitrary commands. This module exploits two vulnerabilities. First, it leverages the lack of authentication in "/api/v1/totp/user-backup-code", allowing unauthenticated access and path traversal. Then, it uses this vulnerability to access the system and execute remote commands in "/api/v1/license/key-status/path:node_name". The deployed agent will run with ROOT privileges.
CVE Link
Exploit Platform
Exploit Type
Product Name