PT-2023-8497 · Ivanti · Ivanti Policy Secure +2

Published: 2023-01-31 · Updated: 2026-05-25 · CVE-2024-21893

CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:P/A:N
Name of the Vulnerable Software and Affected Versions

Ivanti Connect Secure versions 9.x through 22.x
Ivanti Policy Secure versions 9.x through 22.x
Ivanti Neurons for ZTA versions 9.x through 22.x
Description

A server-side request forgery (SSRF) vulnerability in the SAML component of Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication. The vulnerability is being actively exploited in the wild, with over 170 distinct IP addresses observed attempting to exploit it. Attackers have deployed a previously unknown backdoor, known as DSLog, on vulnerable Ivanti devices, allowing them to execute commands remotely. The US cybersecurity agency has issued an emergency directive, and organizations are advised to patch their systems immediately to prevent exploitation.
Recommendations

Ivanti Connect Secure versions 9.x through 22.x: update to the latest version and apply the security patch to prevent exploitation.
Ivanti Policy Secure versions 9.x through 22.x: update to the latest version and apply the security patch to prevent exploitation.
Ivanti Neurons for ZTA versions 9.x through 22.x: update to the latest version and apply the security patch to prevent exploitation.

As a temporary workaround, consider disabling the SAML component until a patch is available, restrict access to the vulnerable SAML component to minimize the risk of exploitation, and avoid using SAML authentication until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit · RCE · SSRF


Related Identifiers

BDU:2024-01028
CVE-2024-21893

Affected Products

Ivanti Connect Secure
Ivanti Neurons for ZTA
Ivanti Policy Secure