| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2021-44529 | Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability | primary_impact | T1195.002 | Compromise Software Supply Chain |
Comments
This vulnerability is exploited after an adversary sends a maliciously crafted cookie to the client endpoint (/client/index.php) to exploit Ivanti systems that utilized a malicious version of the "csrf-magic", which creates a backdoor into an Ivanti system. An unauthorized user can then execute malicious code stored in the cookie via Ivanti's "nobody" user account.
References
|
| CVE-2021-44529 | Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application |
Comments
This vulnerability is exploited after an adversary sends a maliciously crafted cookie to the client endpoint (/client/index.php) to exploit Ivanti systems that utilized a malicious version of the "csrf-magic", which creates a backdoor into an Ivanti system. An unauthorized user can then execute malicious code stored in the cookie via Ivanti's "nobody" user account.
References
|