CVE-2024-21893 Scanner

Ivanti Connect Secure is a widely used remote access solution that enables secure connections to corporate networks and resources. It is utilized by organizations and enterprises to facilitate remote work capabilities while maintaining robust security measures. The SAML component of Ivanti Connect Secure is integral for providing authentication and access control in remote access scenarios, ensuring secure connections for users accessing corporate resources from external locations.

The vulnerability detected in Ivanti Connect Secure is a Server Side Request Forgery (SSRF) flaw present in the SAML component. This vulnerability allows an attacker to manipulate server-side requests sent by the application, potentially accessing restricted resources without proper authentication. By exploiting SSRF, an attacker can bypass access controls and interact with internal systems or retrieve sensitive information accessible to the server.

The SSRF vulnerability is triggered by sending a crafted SOAP request to the '/dana-ws/saml20.ws' endpoint of Ivanti Connect Secure. The attacker can control the contents of the SOAP request, including the destination URI, allowing them to request access to internal resources or sensitive endpoints. Successful exploitation of this vulnerability can lead to unauthorized access to restricted resources and compromise the security of the affected system.

Exploiting this SSRF vulnerability can enable an attacker to bypass authentication controls and access sensitive internal resources, potentially leading to data exfiltration, privilege escalation, or further compromise of the network infrastructure. Attackers could leverage SSRF to interact with internal systems, retrieve confidential information, or launch subsequent attacks against other systems within the network.

By leveraging the security scanning capabilities of the securityforeveryone platform, you can proactively detect and mitigate critical vulnerabilities like SSRF in Ivanti Connect Secure. Join our platform to ensure the security of your remote access infrastructure and protect your organization from potential data breaches and unauthorized access attempts.

References

• https://attackerkb.com/topics/FGlK1TVnB2/cve-2024-21893/rapid7-analysis
• https://www.assetnote.io/resources/research/ivantis-pulse-connect-secure-auth-bypass-round-two
• https://github.com/advisories/GHSA-5rr9-mqhj-7cr2