SUBJECT: Urgent Mitigation Required: Ivanti Connect Secure, Policy Secure, and Neurons for ZTA - Server-Side Request Forgery (SSRF) Vulnerability (CVE-2024-21893)
TECH STACK: Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x), Ivanti Neurons for ZTA
DATE(S) ISSUED: 01/31/2024
NVD Last Modified: 01/31/2024
CRITICALITY: HIGH (CVSS score:8.2)
OVERVIEW:
A critical Server-Side Request Forgery (SSRF) vulnerability (CVE-2024-21893) has been identified in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA versions 9.x and 22.x. This vulnerability allows an attacker to access certain restricted resources without authentication, potentially compromising the entire system.
SOLUTION:
Immediate Action:
- Apply the patch: Ivanti has released patches for all affected versions. Download and install the appropriate patch for your environment immediately. You can find the patches and instructions on the Ivanti support portal: https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US
- If patching is not possible: If patching is not possible due to downtime constraints or other reasons, disable SAML authentication until the patch can be applied. This is a temporary workaround and should only be used as a last resort.
Confirmation & Additional Information:
Additional Recommendations:
- Review logs for suspicious activity: After applying the patch or workaround, review your system logs for any suspicious activity that may have occurred before the mitigation was implemented.
- Enable additional security measures: Consider implementing additional security measures, such as web application firewalls (WAFs) and intrusion detection/prevention systems (IDS/IPS), to further protect your system from SSRF attacks.
REFERENCES:
Third Party Advisories: