CVE-2024-22024

HIGH8.3

Public PoCHigh EPSS

Description

An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.

CVSS breakdown

CVSS 3.0

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

Affected products

Ivant / ICS9.1R15.3 – 9.1R15.3
Ivanti / ICS9.1R17.3 – 9.1R17.3
Ivanti / ICS9.1R18.4 – 9.1R18.4
Ivanti / ICS22.1R6.1 – 22.1R6.1
Ivanti / ICS9.1R14.4 – 9.1R14.4
Ivanti / ICS9.1R15.2 – 9.1R15.2
Ivanti / ICS9.1R16.2 – 9.1R16.2
Ivanti / ICS9.1R17.2 – 9.1R17.2
Ivanti / ICS9.1R18.3 – 9.1R18.3
Ivanti / ICS22.2R4.1 – 22.2R4.1
Ivanti / ICS22.3R1.1 – 22.3R1.1
Ivanti / ICS22.4R1.1 – 22.4R1.1
Ivanti / ICS22.5R1.2 – 22.5R1.2
Ivanti / ICS22.6R1.1 – 22.6R1.1
Ivanti / ICS22.4R2.3 – 22.4R2.3
Ivanti / ICS22.5R2.3 – 22.5R2.3
Ivanti / ICS22.6R2.2 – 22.6R2.2
Ivanti / ICS22.3R1 – 22.3R1
Ivanti / ICS22.5R1.1 – 22.5R1.1
Ivanti / ICS22.4R2.2 – 22.4R2.2
Ivanti / ICS22.5R2.2 – 22.5R2.2
Ivanti / ICS9.1R14.5 – 9.1R14.5
Ivanti / IPS9.1R18.4 – 9.1R18.4
Ivanti / IPS9.1R17.3 – 9.1R17.3
Ivanti / IPS22.5R1.2 – 22.5R1.2
Ivanti / IPS9.1R18.2 – 9.1R18.2
Ivanti / IPS9.1R17.2 – 9.1R17.2
Ivanti / IPS22.5R1.1 – 22.5R1.1

Exploits & PoCs

nucleiIvanti Connect Secure - XXEby watchTowr

References

MISChttps://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US