Ivanti Connect Secure Admin Interface Probe for 2026-03-14

Last Updated: 12:16 UTC

/dana-admin/, /dana-cached/, and /dana-na/ are URL prefixes unique to Ivanti Connect Secure (formerly Pulse Secure). CVE-2024-21887 (command injection) and CVE-2023-46805 (authentication bypass) are chained for unauthenticated RCE without any prior credentials.

CVE References

CVE-2024-21887 CVE-2023-46805

MITRE ATT&CK

Tactic: Initial Access (TA0001)
Technique: T1190 — Exploit Public-Facing Application

Observed URIs

• /dana-cached/hc/HostCheckerInstaller.osx

Attackers by Country

IP Address : ASN : City/Provider

• 172.105.177.106 : unknown : unknown