VPN-IVANTI-PULSEInitial Access

Ivanti Pulse / Connect Secure RCE

Auth bypass + command injection chain (CVE-2023-46805 + CVE-2024-21887 et al.) — pre-auth RCE on the appliance.

§ Where this technique fits

VPN-IVANTI-PULSE is catalogued under the Initial Access tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 2 on average.

§ Dossiers chaining this technique

Ivanti Pulse Connect Secure → pre-auth RCE → corporate VPN takeover
Two-stage chain (auth bypass + command injection) lands root on the Pulse appliance. Exfil VPN configs, pivot through the tunnel into the corporate network.
step 2 / 6

§ What commonly comes next

01
VPN Configuration Exfil
VPN-CONFIG-EXFIL · Collection
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

Ivanti Pulse Connect Secure → pre-auth RCE → corporate VPN takeover

§ What commonly comes next