{"uuid": "80cdda78-6280-4aad-854a-c78baec04b31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37404", "type": "seen", "source": "https://t.me/ZeroDay_TM/891", "content": "Ivanti Connect Secure - Authenticated RCE via OpenSSL CRLF Injection (CVE-2024-37404)\n\n- Ivanti Connect Secure versions prior to 22.7R2.1 and 22.7R2.2, and Ivanti Policy Secure versions prior to 22.7R1.1, contain a CRLF injection vulnerability which could be exploited by an authenticated administrator to execute arbitrary code with root privileges.\n\nSearch Query:\nHUNTER:/product.name=\"Ivanti Connect Secure\"\nSHODAN: http.title:\"Ivanti Connect Secure\"\nFOFA: app=\"ivanti-Connect-Secure\"\n#RCE #CSRF #vulnerability\n-   -   -   -   -   -   -   -   -\n\u2022 @Old_Unclee\n\u2022 @ZeroDay_TM", "creation_timestamp": "2024-10-18T20:25:31.000000Z"}