Skip to content
/ Ivanti-EPM-Coercion-Vulnerabilities Public

Proof of concept exploit for Ivanti EPM CVE-2024-13159 and others

9 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

horizon3ai/Ivanti-EPM-Coercion-Vulnerabilities

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
CVE-2024-13159.py
CVE-2024-13159.py
 
 
README.md
README.md
 
 

Repository files navigation

Ivanti EPM Coercion Vulnerabilities

Proof of concept exploits for Ivanti EPM CVE-2024-13159 and others which allows for unauthenticated coercion of the Ivanti EPM machine credential for use in relay attacks.

Blog Post

Deep-dive analysis here: https://www.horizon3.ai/attack-research/attack-blogs/ivanti-endpoint-manager-multiple-credential-coercion-vulnerabilities/

Usage

% python3 CVE-2024-13159.py -h
usage: CVE-2024-13159.py [-h] -u URL -t TARGET

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     The base URL of the target
  -t TARGET, --target TARGET
                        The target IP to reach out to

Follow the Horizon3.ai Attack Team on Twitter for the latest security research:

Disclaimer

This software has been created purely for the purposes of academic research and for the development of effective defensive techniques, and is not intended to be used to attack systems except where explicitly authorized. Project maintainers are not responsible or liable for misuse of the software. Use responsibly.

About

Proof of concept exploit for Ivanti EPM CVE-2024-13159 and others

Resources

Readme
Activity
Custom properties

Stars

9 stars

Watchers

4 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages