Detections
Analytics

CVE-2024-21893

critical

Description

A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.

From the Tenable Blog

CVE-2023-46805, CVE-2024-21887, CVE-2024-21888 and CVE-2024-21893: Frequently Asked Questions for Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways
CVE-2023-46805, CVE-2024-21887, CVE-2024-21888 and CVE-2024-21893: Frequently Asked Questions for Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways

Published: 2024-01-31

Frequently asked questions for five CVEs affecting Ivanti Connect Secure and Policy Secure Gateways, with three of the vulnerabilities having been exploited in the wild as zero-days.

References

https://thehackernews.com/2025/03/over-400-ips-exploiting-multiple-ssrf.html

https://www.greynoise.io/blog/new-ssrf-exploitation-surge

https://securelist.com/vulnerabilities-and-exploits-in-q4-2024/115761/

https://securelist.com/vulnerability-report-q1-2024/112554/

https://unit42.paloaltonetworks.com/malware-initiated-scanning-attacks/

https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement

https://www.bleepingcomputer.com/news/security/magnet-goblin-hackers-use-1-day-flaws-to-drop-custom-linux-malware/

https://research.checkpoint.com/2024/magnet-goblin-targets-publicly-facing-servers-using-1-day-vulnerabilities/

https://www.bankinfosecurity.com/chinese-group-runs-highly-persistent-ivanti-0-day-exploits-a-24471?&web_view=true

https://www.assetnote.io/resources/research/ivantis-pulse-connect-secure-auth-bypass-round-two

https://www.bleepingcomputer.com/news/security/ivanti-warns-of-new-connect-secure-zero-day-exploited-in-attacks/

https://www.bleepingcomputer.com/news/security/new-ivanti-rce-flaw-may-impact-16-000-exposed-vpn-gateways/

https://www.mandiant.com/resources/blog/investigating-ivanti-exploitation-persistence

https://www.tenable.com/blog/cve-2025-0282-ivanti-connect-secure-zero-day-vulnerability-exploited-in-the-wild

https://www.tenable.com/blog/cve-2024-7593-ivanti-virtual-traffic-manager-authentication-bypass-vulnerability

https://www.tenable.com/blog/cve-2023-46805-cve-2024-21887-cve-2024-21888-and-cve-2024-21893-frequently-asked-questions

https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US

Details

Source: Mitre, NVD

Published: 2024-01-31

Updated: 2024-11-29

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 8.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:P/A:N

Severity: High

CVSS v3

Base Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Severity: High

CVSS v4

Base Score: 9.2

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N

Severity: Critical

EPSS

EPSS: 0.9432

Vulnerability Watch

Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.

Vulnerability of Concern