⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.. Due date: 2024-02-02.
CVE-2024-21893 — Server-Side Request Forgery in Ivanti ICS
Severity
8.2HIGHNVD
EPSS
94.3%
top 0.05%
CISA KEV
KEVRansomware
Added 2024-01-31
Due 2024-02-02
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedJan 31
KEV addedJan 31
KEV dueFeb 2
Latest updateFeb 15
CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Description
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:NExploitability: 3.9 | Impact: 4.2
Affected Packages5 packages
🔴Vulnerability Details
3GHSA▶
GHSA-5rr9-mqhj-7cr2: A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9↗2024-01-31
CVEList▶
CVE-2024-21893: A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9↗2024-01-31
VulnCheck▶
Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability↗2024
💥Exploits & PoCs
2Nuclei▶
Ivanti SAML - Server Side Request Forgery (SSRF)
🔍Detection Rules
1Suricata▶
ET EXPLOIT Ivanti Connect Secure (9.x,22.x) / Ivanti Policy Secure (9.x,22.x) / Ivanti Neurons for ZTA SSRF Pattern (CVE-2024-21893)↗2024-02-02