CVE-2024-21893
Published: 31 January 2024
Summary
CVE-2024-21893 is a high-severity server-side request forgery (SSRF, CWE-918) vulnerability in Ivanti Connect Secure. Its CVSS base score is 8.2 (High).
Operationally, it ranks in the top 0.0% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-4 (Information Flow Enforcement).
Deeper analysis
CVE-2024-21893 is a server-side request forgery vulnerability (CWE-918) residing in the SAML component of Ivanti Connect Secure versions 9.x and 22.x, Ivanti Policy Secure versions 9.x and 22.x, and Ivanti Neurons for ZTA. The flaw carries a CVSS 3.1 score of 8.2 and permits an unauthenticated attacker to reach restricted resources that should otherwise be inaccessible.
An attacker can exploit the issue over the network without credentials or user interaction, causing the affected server to issue crafted requests on the attacker's behalf; the result is a high-impact confidentiality exposure combined with limited integrity effects. Because no authentication is required, remote adversaries, including automated scanners, can target internet-exposed Ivanti appliances directly.
Ivanti's security advisories address this and related issues in the same product families and direct customers to apply vendor-supplied patches. The CVE is also catalogued in CISA's Known Exploited Vulnerabilities list, which confirms that remediation through updates or compensating controls is required for affected deployments.
The associated EPSS score peaked at 0.9640 and currently stands at 0.9432, indicating sustained and widespread exploitation interest since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-19504
Vulnerability details
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
- CWE(s): CWE-918 (Server-Side Request Forgery)
- KEV Date Added: 31 January 2024
Mitigating Controls (NIST 800-53 r5)
- AC-4 (Information Flow Enforcement): enforces information flow rules that directly block the unauthorized server-initiated requests to internal resources enabled by this SAML SSRF flaw.
- AC-3 (Access Enforcement): requires explicit access enforcement decisions before any resource is retrieved, stopping the unauthenticated SSRF access path described in CVE-2024-21893.
- SI-10 (Information Input Validation): validates URL and request parameters supplied to the SAML component, preventing the malicious input that triggers the SSRF to restricted resources.