Ivanti Connect Secure Admin Interface Probe for 2023-06-19

Jun 19, 2023 WebExploit

Last Updated: 12:00 UTC

/dana-admin/, /dana-cached/, and /dana-na/ are URL prefixes unique to Ivanti Connect Secure (formerly Pulse Secure). CVE-2024-21887 (command injection) and CVE-2023-46805 (authentication bypass) are chained for unauthenticated RCE without any prior credentials.

CVE References

CVE-2024-21887 CVE-2023-46805

MITRE ATT&CK

Tactic: Initial Access (TA0001)
Technique: T1190 — Exploit Public-Facing Application

Observed URIs

/dana-cached/hc/HostCheckerInstaller.osx

Attackers by Country

IP Address : ASN : City/Provider

46.101.73.196 : AS14061 digitalocean llc : London

Share on: