Ivanti.Connect.Secure.DSLog.Backdoor
Description
This indicates that a connection to a backdoor on Ivanti Connect Secure was detected in the network.
The backdoor allows a remote attacker to execute arbitrary commands by sending a crafted HTTP request to the victim. The method used to install it is tracked as CVE-2024-21893.
Affected Products
Ivanti Connect Secure (9.x, 22.x)
Ivanti Policy Secure (9.x, 22.x)
Ivanti Neurons for ZTA
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US
Coverage
IPS (Regular DB)
IPS (Extended DB)