Ivanti Connect Secure, Ivanti Policy Secure and Ivanti Neurons for ZTA Vulnerability Allows Access Without Authentication

CVE: CVE-2024-21893
CVSS (v3.0): 8.2
Source: CVE-2024-21893

Ivanti Connect Secure, Ivanti Policy Secure and Ivanti Neurons for ZTA are network security tools that use SAML (Security Assertion Markup Language) for single sign-on authentication. However, a vulnerability has been discovered that allows attackers to bypass authentication and access restricted resources.

The vulnerability is a server-side request forgery (SSRF) issue in the SAML component. SSRF attacks allow a malicious actor to induce the target server to make requests to other machines and services it would not normally access. In this case, an attacker could craft requests that the SAML component treats as valid, even without providing valid credentials.

This allows an unauthorized person to potentially view or modify private information such as account details, stored files or communications. Because authentication is bypassed, they could also use the compromised appliance as a foothold for further attacks on connected systems and networks.

To protect against this issue, administrators should ensure their Ivanti Connect Secure, Ivanti Policy Secure or Ivanti Neurons for ZTA installations are updated to the latest versions, which include fixes for this vulnerability. Regular patching is also recommended to address any other issues. Check with the vendor for update availability.

Proper network segmentation and access controls can further reduce risks by limiting what unauthenticated individuals can access even if authentication is bypassed due to a vulnerability. Overall vigilance about application and system security is important to prevent and mitigate attacks.
