1 min read

Mitigation Instructions for CVE-2024-21893

Mitigation Instructions for CVE-2024-21893

SUBJECT: Urgent Mitigation Required: Ivanti Connect Secure, Policy Secure, and Neurons for ZTA - Server-Side Request Forgery (SSRF) Vulnerability (CVE-2024-21893)

TECH STACK:  Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x), Ivanti Neurons for ZTA

DATE(S) ISSUED: 01/31/2024

NVD Last Modified: 01/31/2024

CRITICALITY: HIGH (CVSS score:8.2)

OVERVIEW: 

A critical Server-Side Request Forgery (SSRF) vulnerability (CVE-2024-21893) has been identified in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA versions 9.x and 22.x. This vulnerability allows an attacker to access certain restricted resources without authentication, potentially compromising the entire system.

SOLUTION: 

Immediate Action:

  1. Apply the patch: Ivanti has released patches for all affected versions. Download and install the appropriate patch for your environment immediately. You can find the patches and instructions on the Ivanti support portal: https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US
  1. If patching is not possible: If patching is not possible due to downtime constraints or other reasons, disable SAML authentication until the patch can be applied. This is a temporary workaround and should only be used as a last resort.

Confirmation & Additional Information:

Additional Recommendations:

  1. Review logs for suspicious activity: After applying the patch or workaround, review your system logs for any suspicious activity that may have occurred before the mitigation was implemented.
  2. Enable additional security measures: Consider implementing additional security measures, such as web application firewalls (WAFs) and intrusion detection/prevention systems (IDS/IPS), to further protect your system from SSRF attacks.

REFERENCES:

Third Party Advisories:

Mitigation Instructions for CVE-2016-4437

Mitigation Instructions for CVE-2016-4437

Mitigating CVE-2016-4437: Remote Code Execution Vulnerability in Apache ActiveMQ

Read More
Mitigation Instructions for CVE-2013-1896

Mitigation Instructions for CVE-2013-1896

Mitigating CVE-2013-1896: Privilege Escalation Vulnerability in Puppet

Read More
Mitigation Instructions for CVE-2014-6271 Shellshock Vulnerability in Bash

Mitigation Instructions for CVE-2014-6271 Shellshock Vulnerability in Bash

Subject: Mitigating CVE-2014-6271: Shellshock Vulnerability in Bash

Read More