Ivanti Connect Secure XML External Entity Vulnerability
Key Information
- Vendor
- Ivanti
- Status
- ICS
- IPS
- Vendor
- CVE Published:
- 13 February 2024
Badges
Summary
The vulnerability CVE-2024-22024 affects the SAML component of Ivanti Connect Secure, Policy Secure, and ZTA gateways and allows an attacker to bypass authentication and access restricted resources. It has been found to be susceptible to exploitation, but there are no known instances of exploitation by ransomware groups. The suggested course of action is to upgrade Ivanti products to the fixed versions provided by the vendor in order to mitigate the risk of exploitation.
Affected Version(s)
ICS < 9.1R14.5
ICS < 9.1R17.3
ICS < 9.1R18.4
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Over 13,000 Ivanti gateways vulnerable to actively exploited bugs
Thousands of Ivanti Connect Secure and Policy Secure endpoints remain vulnerable to multiple security issues first disclosed more than a month ago and which the vendor gradually patched.
9 months ago
CSO Online CVE-2024-22024CVE-2024-21893Attackers target new Ivanti XXE vulnerability days after patch
The new vulnerabilities were introduced by a fix for the previous Ivanti flaws, and customers are urged to install a new update.
9 months ago
Ivanti Finds Another High Severity Vulnerability
This is the fifth vulnerability revealed during February, with three of the flaws being actively exploited.
9 months ago
CVSS V3.1
Timeline
- 🔥
Vulnerability reached the number 1 worldwide trending spot.
Vulnerability started trending.
Vulnerability published.
- 👾
Exploit exists.
First article discovered by Beeping Computers
Vulnerability Reserved.