Ivanti Connect Secure Admin Interface Probe for 2026-03-04

Mar 04, 2026 WebExploit

Last Updated: 12:10 UTC

/dana-admin/, /dana-cached/, and /dana-na/ are URL prefixes unique to Ivanti Connect Secure (formerly Pulse Secure). CVE-2024-21887 (command injection) and CVE-2023-46805 (authentication bypass) are chained for unauthenticated RCE without any prior credentials.

CVE References

CVE-2024-21887 CVE-2023-46805

MITRE ATT&CK

Tactic: Initial Access (TA0001)
Technique: T1190 — Exploit Public-Facing Application

Observed URIs

/dana-ws/saml20.ws
/dana-cached/hc/HostCheckerInstaller.osx

Attackers by Country

IP Address : ASN : City/Provider

198.167.197.194 : AS39287 ab stract : Sweden

Share on: