Exploit for Improper Authentication in Ivanti Connect_Secure CVE-2024-21887 CVE-2023-46805

Name: Exploit for Improper Authentication in Ivanti Connect_Secure CVE-2024-21887 CVE-2023-46805
Rating: 5 (78 reviews)

2024-01-18 | CVSS 9.1

## https://sploitus.com/exploit?id=2DD84790-BACE-5187-BDE1-B08B8ECD462C
# CVE-2023-46805_CVE-2024-21887
The script in this repository checks and exploits CVE-2023-46805 (Auth Bypass) and CVE-2024-21887 (Remote Code Execution) vulnerabilities specified in the Ivanti Connect Secure product exist. You can check vulnerability details this link (https://labs.watchtowr.com/welcome-to-2024-the-sslvpn-chaos-continues-ivanti-cve-2023-46805-cve-2024-21887/).

USAGE:


Base Usage:
python3 CVE-2023-46805_CVE-2024-21887.py --url <URL_ADDRESS>

Proxy Usage:
python3 CVE-2023-46805_CVE-2024-21887.py --url <URL_ADDRESS> --proxy <PROXY_ADDRESS>

Exploit Usage:
python3 CVE-2023-46805_CVE-2024-21887.py --url <URL_ADDRESS> --cmd <OS_COMMAND>

![](poc.png)