216.73.217.22

Protecting Networks from Opportunistic Ivanti Pulse Secure Vulnerability Exploitation

· Published 10/05/2024 09:06 · Modified 10/05/2024 09:27

Export JSON

Essential information

Published
10/05/2024 09:06
Modified
10/05/2024 09:27
Tags
2024-05-05 2024-05-06 2024-05-07 2024-05-08 2024-05-09 2024-05-10 CVE-2023-46805 CVE-2024-21887 botnet ivanti mirai
Related entities
2 vulnerabilities (cve), 23 observables, 6 techniques (mitre), 1 malware

Description

Juniper Threat Labs has observed attempts to exploit Pulse Secure authentication bypass and remote code execution vulnerabilities ( and ), leading to the delivery of payloads. This analysis explores the vulnerabilities, exploitation methods, observed payloads, and Juniper's response, highlighting the importance of understanding and mitigating these threats to protect network security.

Related entities

Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.

Vulnerabilities (CVE) (2)

CVE-2024-21887 KEV
9.1 Critical

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web …

Attack vector
Network
Published
10/01/2024
Modified
27/05/2026
CVE-2023-46805 KEV
8.2 High

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the …

Attack vector
Network
Published
10/01/2024
Modified
27/05/2026

Observables (23)

  • 192.3.152.183
  • f20da76d75c7966abcbc050dde259a2c85b331c80cce0d113bc976734b78d61d
  • d6f5fc248e4c8fc7a86a8193eb970fe9503f2766951a3e4b8c084684e423e917
  • cf1b85d4812f7ee052666276a184b481368f0c0c7a43e6d5df903535f466c5fd
  • b9d92f637996e981006173eb207734301ff69ded8f9c2a7f0c9b6d5fcc9063a2
  • b0bc9a42a874cab6583e4993de7cc11a2b8343a4453bda97b83b0c2975e7181d
  • a843971908aa31a81d96cc8383dcde7f386050c6e3437ad6a470f43dc2bf894b
  • 9b5fe87aaa4f7ae1c375276bfe36bc862a150478db37450858bbfb3fb81123c2
  • 8f0c5baaca3b81bdaf404de8e7dcca1e60b01505297d14d85fea36067c2a0f14
  • 850d3521693b4e1ec79981b3232e87b0bc22af327300dfdc7ea1b7a7e97619cd
  • 67d989388b188a817a4d006503e5350a1a2af7eb64006ec6ad6acc51e29fdcd5
  • 5fcbe868a8c53b7146724d579ff82252f00d62049a75a04baa4476e300b42d15
  • 5d155f86425b02e45a6a5d62eb8ce7827c9c43f3025bffd6d996aabd039d27f9
  • 5b20ed646362a2c6cdc5ca0a79850c7d816248c7fd5f5203ce598a4acd509f6b
  • 575f0acd67df2620378fb5bd8379fd2f2ba0539b614986d60e85822ba0e9aa08
  • 53f6cedcf89fccdcb6b4b9c7c756f73be3e027645548ee7370fd3486840099c4
  • 3e785100c227af58767f253e4dfe937b2aa755c363a1497099b63e3079209800
  • 3d19de117388d50e5685d203683c2045881a92646c69ee6d4b99a71bf65dafa7
  • 1e6d93a27b0d7e97df5405650986e32641696967c07df3fa8edd41063b49507b
  • 10686a12b7241a0836db6501a130ab67c7b38dbd583ccd39c9e655096695932e
  • 038187ceb4df706b13967d2a4bff9f67256ba9615c43196f307145a01729b3b8
  • c27b64277c3d14b4c78f42ca9ee2438b602416f988f06cb1a3e026eab2425ffc
  • 4e2c5513cf1c4a3c12c6e108d0120d57355b3411c30d59dfb0d263ad932b6868

Techniques (MITRE) (6)

  • T1609
    Container Administration Command
  • T1082
    System Information Discovery
  • T1105
    Ingress Tool Transfer
  • T1204
    User Execution
  • T1190
    Exploit Public-Facing Application
  • T1059
    Command and Scripting Interpreter

Malware (1)

  • Mirai
    Family
    Published 21/05/2026 23:03 · Modified 21/05/2026 23:03

External references