Ivanti Connect Secure Vulnerabilities Targeted By UNC5325

UNC5325, a suspected threat actor with ties to China, has been observed exploiting vulnerabilities in Ivanti Connect Secure appliances. The group employs living-off-the-land (LotL) techniques for stealth and backdoors for persistence across system changes. UNC5325 targeted Ivanti Connect Secure appliances with CVE-2024-21893 as early as Jan. 19, 2024, exploiting a server-side request forgery (SSRF) flaw in the SAML component. Subsequently, they chained this with the command injection vulnerability tracked as CVE-2024-21887. In some instances the actor used public out-of-band interaction services such as Interactsh to confirm that a target was vulnerable. Once a vulnerable target was identified, UNC5325 executed follow-up commands for reconnaissance and, in some cases, established a reverse shell.
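The confirmation step described above leaves a recognisable trace in appliance web logs: a request whose parameter carries a full URL pointing at an external host, and in particular at a public out-of-band interaction service. The following detection script is an added example written for this page, not code from the original advisory or from any vendor; it scans constructed access-log lines, URL-decodes each request target, extracts embedded URLs, and flags any whose host is not one of the appliance's own hostnames, with a stronger verdict when the host matches an assumed list of Interactsh-style callback domains. The request path `/example-saml-endpoint`, the source addresses and the callback-domain list are all assumptions for illustration and should be replaced with the operator's own values.

```python
import re
from urllib.parse import unquote, urlparse

# Added example: SSRF / out-of-band callback detection over web access logs.
# ASSUMPTION: domain suffixes commonly used by public Interactsh servers.
# Replace or extend with a curated list from your own threat-intel sources.
OOB_CALLBACK_SUFFIXES = (
    "oast.pro", "oast.live", "oast.site", "oast.online",
    "oast.fun", "oast.me", "interact.sh",
)

# Combined-log-format style line: src, ident, user, [timestamp], "METHOD target PROTO", status, size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)

# A URL embedded in a parameter value; stops at the next '&' so it does not swallow
# the following parameter.
URL_RE = re.compile(r'https?://[^\s"\'<>&]+', re.IGNORECASE)


def embedded_urls(request_target):
    """Return full URLs found inside the request target after URL-decoding.

    Decoding twice catches double-encoded payloads (e.g. %2520 for a space),
    a common way to slip past naive pattern matching.
    """
    decoded = unquote(unquote(request_target))
    return URL_RE.findall(decoded)


def is_oob_callback(host):
    """True if host is, or is a subdomain of, an assumed out-of-band callback service."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in OOB_CALLBACK_SUFFIXES)


def analyse(lines, own_hosts):
    """Scan access-log lines; return one finding per suspicious embedded URL.

    own_hosts: hostnames legitimately used by the appliance (e.g. its SAML
    RelayState targets), which are excluded to keep noise down.
    """
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line; skip rather than crash
        for url in embedded_urls(m["target"]):
            host = urlparse(url).hostname or ""
            if not host or host.lower() in own_hosts:
                continue
            reason = "oob_callback" if is_oob_callback(host) else "external_url_in_param"
            findings.append({
                "src": m["src"],
                "ts": m["ts"],
                "host": host,
                "url": url,
                "reason": reason,
            })
    return findings


# Constructed sample log lines (not real appliance output). The path and
# parameter names are placeholders, not the actual vulnerable endpoint.
SAMPLE_LOG = [
    '203.0.113.5 - - [19/Jan/2024:10:12:01 +0000] "GET /example-saml-endpoint'
    '?RelayState=http%3A%2F%2Fabc123.oast.fun%2Fprobe HTTP/1.1" 200 512',
    '198.51.100.7 - - [19/Jan/2024:10:15:44 +0000] "POST /example-saml-endpoint'
    '?target=http%3A%2F%2F198.51.100.7%3A8080%2Fcb HTTP/1.1" 200 88',
    '192.0.2.10 - - [19/Jan/2024:10:16:02 +0000] "GET /login HTTP/1.1" 200 2048',
    '192.0.2.11 - - [19/Jan/2024:10:17:30 +0000] "GET /example-saml-endpoint'
    '?RelayState=https%3A%2F%2Fvpn.example.com%2Fok HTTP/1.1" 200 512',
]


def run_sample():
    """Run the analysis over the constructed sample; used by the usage example below."""
    return analyse(SAMPLE_LOG, {"vpn.example.com"})


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f['ts']}  {f['src']}  {f['reason']:22}  {f['url']}")
```

On the constructed sample this yields two findings: the first line is flagged as an out-of-band callback because its embedded host sits under an assumed Interactsh suffix, and the second as an external URL in a parameter because the host is neither the appliance's own nor a known callback service; the fourth line is suppressed because its target is the appliance's own hostname. In production the `external_url_in_param` verdict is noisy on SAML endpoints that legitimately receive relay-state URLs, so the own-hosts allow-list should be populated from the identity provider configuration before the rule is put into alerting.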