
Warning: New Ivanti Auth Bypass Flaw Affects Connect Secure and ZTA Gateways

2024-02-09 03:35:00
The Hacker News
thehackernews.com

AI Score: 8.8 High (Confidence: High)

EPSS: 0.971 High (Percentile: 99.8%)


Ivanti has alerted customers of yet another high-severity security flaw in its Connect Secure, Policy Secure, and ZTA gateway devices that could allow attackers to bypass authentication.

The issue, tracked as CVE-2024-22024, is rated 8.3 out of 10 on the CVSS scoring system.

“An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication,” the company said in an advisory.

The company said it discovered the flaw during an internal review as part of its ongoing investigation into multiple security weaknesses in the products that have come to light since the start of the year, including CVE-2023-46805, CVE-2024-21887, CVE-2024-21888, and CVE-2024-21893.


CVE-2024-22024 affects the following versions of the products:

  • Ivanti Connect Secure (versions 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2, and 22.5R1.1)
  • Ivanti Policy Secure (version 22.5R1.1)
  • ZTA (version 22.6R1.3)

Patches for the bug are available in Connect Secure versions 9.1R14.5, 9.1R17.3, 9.1R18.4, 22.4R2.3, 22.5R1.2, 22.5R2.3, and 22.6R2.2; Policy Secure versions 9.1R17.3, 9.1R18.4, and 22.5R1.2; and ZTA versions 22.5R1.6, 22.6R1.5, and 22.6R1.7.

Ivanti said there is no evidence of active exploitation of the flaw, but with CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893 coming under broad abuse, it’s imperative that users move quickly to apply the latest fixes.

Update

Cybersecurity firm watchTowr, which said it disclosed CVE-2024-22024 to Ivanti in early February 2024, noted the issue stems from an incorrect fix for CVE-2024-21893 that was introduced in the latest version of the software.

“XXE is an introduction to a variety of impacts: DOS, Local File Read, and SSRF,” it said. “The impact, plainly, of the SSRF depends on what protocols are available for usage.”
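Because the flaw is an XXE in SAML handling, and SAML messages have no need for a DTD, one triage check is to flag any captured SAML parameter value whose XML declares a DOCTYPE. The sketch below is an added example, not code from Ivanti, watchTowr, or the article; it assumes standard SAML HTTP-POST (base64) or HTTP-Redirect (raw DEFLATE, then base64) encoding, and all function names and sample messages are constructed.

```python
import base64
import zlib
from xml.parsers import expat

# Constructed sample messages (not taken from real appliance traffic).
CLEAN_XML = (b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
             b'ID="_constructed1" Version="2.0"/>')
DTD_XML = b'<!DOCTYPE r [<!ENTITY e "constructed">]>' + CLEAN_XML

class DtdFound(Exception):
    """Raised from the expat callback to stop parsing at the DOCTYPE."""

def decode_saml(b64_value):
    """Base64-decode; inflate raw DEFLATE unless the bytes are already XML."""
    raw = base64.b64decode(b64_value, validate=True)
    if raw.startswith((b"<", b"\xef\xbb\xbf<")):   # POST binding: plain XML
        return raw
    return zlib.decompress(raw, -15)               # Redirect binding

def classify(b64_value):
    """Return 'undecodable', 'dtd', 'malformed' or 'clean' for one value."""
    try:
        xml_bytes = decode_saml(b64_value)
    except (ValueError, zlib.error):
        return "undecodable"
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DtdFound(name)   # abort before any entity is declared or expanded

    parser.StartDoctypeDeclHandler = on_doctype
    try:
        parser.Parse(xml_bytes, True)
    except DtdFound:
        return "dtd"
    except expat.ExpatError:
        return "malformed"
    return "clean"

def deflate_b64(xml_bytes):
    """Encode as the Redirect binding does: raw DEFLATE, then base64."""
    comp = zlib.compressobj(wbits=-15)
    return base64.b64encode(comp.compress(xml_bytes) + comp.flush()).decode()

if __name__ == "__main__":
    for label, xml in (("clean", CLEAN_XML), ("dtd", DTD_XML)):
        print(label, classify(base64.b64encode(xml).decode()),
              classify(deflate_b64(xml)))
```

A `dtd` or `undecodable` result marks a request worth reviewing; it is a triage signal and does not replace applying the fixed versions listed above.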
