Exploits around the Ivanti Connect “Secure” VPN appliance, taking advantage of CVE-2023-46805, continue evolving. Late on Tuesday, more details became public, particularly the blog post by Rapid7 explaining the underlying vulnerability in depth [1]. Rapid7 also does a good job walking you through how Ivanti obfuscates the LUKS key in its appliance. This will make it easier for security researchers to inspect the code, hopefully pointing out additional vulnerabilities to Ivanti in the future. In other words, get ready for more Ivanti exploits, and hopefully patches, this year.
Article Link: https://isc.sans.edu/diary/rss/30568