Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-22024XML External Entity (XXE) Injection in Ivanti ICS

CWE-611XML External Entity (XXE) Injection13 documents11 sources
Severity
8.3HIGHNVD
EPSS
94.2%
top 0.07%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
6
Ivant ICSIvanti ICSIvanti IPS+3 more
Timeline
PublishedFeb 13
Latest updateFeb 15

Description

An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.7

Affected Packages6 packages

NVDivanti/connect_secure22.4, 22.5, 9.1+2
CVEListV5ivanti/ics9.1R14.59.1R14.5+11
CVEListV5ivanti/ips9.1R18.49.1R18.4+2

🔴Vulnerability Details

3
CVEList
CVE-2024-22024: An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (92024-02-13
GHSA
GHSA-cmg9-p9gp-g7mr: An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (92024-02-13
VulnCheck
Ivanti Connect Secure and Policy Secure Improper Restriction of XML External Entity Reference2024

💥Exploits & PoCs

1
Nuclei
Ivanti Connect Secure - XXE

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS Ivanti Connect Secure XXE Attempt (CVE-2024-22024)2024-02-09

📋Vendor Advisories

1
Ivanti
Ivanti Connect Secure XXE Vulnerability

🕵️Threat Intelligence

4
Bleepingcomputer
Over 13,000 Ivanti gateways vulnerable to actively exploited bugs2024-02-15
Bleepingcomputer
Ivanti: Patch new Connect Secure auth bypass bug immediately2024-02-08
Unit42
Threat Brief: Multiple Ivanti Vulnerabilities (Updated Feb. 29)2024-01-16
Huntress
CVE-2024-22024 (Ivanti XXE) Vulnerability: Analysis & Detection | Huntress
CVE-2024-22024 — XML External Entity (XXE) Injection | cvebase