PT-2024-1620 · Ivanti · Zta Gateways+2

Published: 2024-01-31 · Updated: 2025-10-31 · CVE-2024-22024

CVSS v3.1: 8.3 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Ivanti Connect Secure versions 9.x through 22.x
Ivanti Policy Secure versions 9.x through 22.x
ZTA gateways version 22.6R1.3 and earlier

Description

The issue is an XML external entity (XXE) vulnerability in the SAML component of Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways. This vulnerability allows an attacker to access certain restricted resources without authentication. The estimated number of potentially affected devices worldwide is over 20,000 ICS VPN gateways. There have been reports of significant scanning activity seeking devices vulnerable to this issue, with over 240,000 requests and 30,000 hosts targeted. Attack traffic has been observed from 11 different countries. The vulnerability can be exploited by sending a malicious SAML request to the vulnerable device, specifically to the "/dana-na/auth/saml-sso.cgi" endpoint with a SAMLRequest parameter.

Recommendations

For Ivanti Connect Secure versions 9.x through 22.x: Update to the latest version that includes the patch for this vulnerability.
For Ivanti Policy Secure versions 9.x through 22.x: Update to the latest version that includes the patch for this vulnerability.
For ZTA gateways version 22.6R1.3 and earlier: Update to version 22.6R1.3 or later, which includes the patch for this vulnerability.
As a temporary workaround, consider restricting access to the SAML component until a patch is available.
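
For defenders reviewing traffic to the endpoint named in the description, the following added example (not part of the original advisory and not Ivanti code) decodes the SAMLRequest parameter and flags any DTD declaration, which a legitimate SAML message does not contain. It assumes a proxy or WAF capture that records request bodies; `check_request`, `decodings`, `form_body` and the sample XML are names and data constructed for illustration.

```python
import base64
import re
import zlib
from urllib.parse import parse_qs, urlencode

SAML_PATH = "/dana-na/auth/saml-sso.cgi"  # endpoint named in the description
# A legitimate SAML message never carries a DTD, so any declaration is suspect.
DTD_MARKER = re.compile(rb"<!\s*(DOCTYPE|ENTITY)", re.IGNORECASE)

def decodings(value: str):
    """Yield the base64-decoded value and, if it inflates, the raw-DEFLATE form."""
    raw = base64.b64decode(value + "=" * (-len(value) % 4))
    yield raw
    try:
        yield zlib.decompress(raw, -15)  # HTTP-Redirect binding compresses first
    except zlib.error:
        pass

def check_request(path: str, body: str = "") -> str:
    """Classify one captured request as 'ignored', 'clean', 'dtd' or 'undecodable'."""
    route, _, query = path.partition("?")
    if route != SAML_PATH:
        return "ignored"
    values = parse_qs(query).get("SAMLRequest", []) + parse_qs(body).get("SAMLRequest", [])
    for value in values:
        try:
            # An unescaped '+' arrives as a space after form decoding; undo that.
            if any(DTD_MARKER.search(d) for d in decodings(value.replace(" ", "+"))):
                return "dtd"
        except ValueError:  # binascii.Error is a ValueError subclass
            return "undecodable"
    return "clean"

# Constructed samples (not captured traffic). The DTD uses a harmless internal entity.
CLEAN_XML = b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_c1"/>'
DTD_XML = b'<?xml version="1.0"?><!DOCTYPE r [<!ENTITY e "constructed">]><r>&e;</r>'

def form_body(xml: bytes, deflate: bool = False) -> str:
    """Encode XML the way a SAMLRequest form field carries it."""
    if deflate:
        comp = zlib.compressobj(wbits=-15)
        xml = comp.compress(xml) + comp.flush()
    return urlencode({"SAMLRequest": base64.b64encode(xml).decode()})

if __name__ == "__main__":
    for label, xml in (("clean", CLEAN_XML), ("dtd", DTD_XML)):
        print(label, "->", check_request(SAML_PATH, form_body(xml)))
```

Requests classified as `undecodable` are worth a manual look as well, since a well-behaved identity provider sends valid base64.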

Exploit

Fix

XXE

Weakness Enumeration

Related Identifiers

BDU:2024-01287
CVE-2024-22024

Affected Products

Ivanti Connect Secure
Ivanti Policy Secure
Zta Gateways