Ivanti Connect Secure XML External Entity Vulnerability
CVE-2024-22024
What is CVE-2024-22024?
CVE-2024-22024 is a significant vulnerability affecting Ivanti Connect Secure and Ivanti Policy Secure, utilized for secure remote access and policy management in enterprise environments. This specific vulnerability revolves around an XML external entity (XXE) issue in the SAML component of these products. An attacker exploiting this weakness could gain unauthorized access to restricted resources, undermining the integrity of the authentication mechanisms. For organizations relying on these Ivanti solutions, the potential consequences include unauthorized data access and increased risk of internal systems being compromised.
Technical Details
The vulnerability identified as CVE-2024-22024 stems from improper handling of XML input, allowing attackers to manipulate XML data and access sensitive information without proper authentication. It affects multiple versions of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x), as well as ZTA gateways. The exploit could occur through crafted XML requests targeted at the vulnerable components of the application, creating avenues for attackers to probe internal systems and extract confidential data.
Impact of the Vulnerability
- Unauthorized Access: The primary impact of this vulnerability is the potential for unauthorized access to sensitive resources. Attackers can exploit the XXE flaw to read files and data that should be protected, leading to severe information leaks.
- Data Breaches: Exploitation of this vulnerability can facilitate data breaches, as it allows attackers to bypass authentication protocols, potentially exposing personally identifiable information (PII) or proprietary company data.
- Compromise of Internal Systems: The exploitation could also lead to further compromises within the network, as attackers might leverage gained access to introduce additional threats, escalate privileges, or deploy malware, thereby jeopardizing the organization's overall security posture.
Affected Version(s)
ICS 9.1R14.5
ICS 9.1R17.3
ICS 9.1R18.4
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.
News Articles
Over 13,000 Ivanti gateways vulnerable to actively exploited bugs
Thousands of Ivanti Connect Secure and Policy Secure endpoints remain vulnerable to multiple security issues first disclosed more than a month ago and which the vendor gradually patched.
11 months ago
Attackers target new Ivanti XXE vulnerability days after patch
The new vulnerabilities were introduced by a fix for the previous Ivanti flaws, and customers are urged to install a new update.
11 months ago
Ivanti Finds Another High Severity Vulnerability
This is the fifth vulnerability revealed during February, with three of the flaws being actively exploited.
11 months ago
EPSS Score
1% chance of being exploited in the next 30 days.
Timeline
- Vulnerability reached the number 1 worldwide trending spot
- Used in Ransomware
- Vulnerability started trending
- Vulnerability published
- Public PoC available
- Exploit known to exist
- First article discovered by Beeping Computers
- Vulnerability Reserved