CVE-2024-22024: New High-severity Ivanti Authentication Bypass Vulnerability

Share :

On 8 February 2024, Ivanti publicly disclosed a high-severity authentication bypass vulnerability (CVE-2024-22024) impacting Ivanti Connect Secure, Policy Secure, and ZTA products. CVE-2024-22024 is an XML external entity (XXE) flaw in the SAML component and could allow threat actors to bypass authentication and access certain restricted resources if successfully exploited. 

This vulnerability was initially discovered and responsibly disclosed by WatchTowr Labs. Arctic Wolf has not observed a publicly available proof of concept (PoC) exploit published for this vulnerability. Additionally, we have not observed active exploitation at this time. However, based on the historical targeting of recent vulnerabilities in Ivanti products, including CVE-2024-21893, CVE-2024-21887, and CVE-2023-46805, and the potential to bypass authentication, we assess threat actors will likely develop a working PoC exploit and attempt exploitation of this vulnerability in the near term. 

Recommendation for CVE-2024-22024

Upgrade Ivanti Products to Fixed Version

Arctic Wolf strongly recommends upgrading vulnerable Ivanti products to the latest released versions. 

Affected Product  Affected Versions  Fixed Version 
Connect Secure  9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2, 22.5R1.1  9.1R14.5, 9.1R17.3, 9.1R18.4, 22.4R2.3, 22.5R1.2, 22.5R2.3, 22.6R2.2 
Policy Secure  22.5R1.1  9.1R17.3, 9.1R18.4, 22.5R1.2 
ZTA  22.6R1.3  22.5R1.6, 22.6R1.5, 22.6R1.7 

 

Organisations that have applied the patch released on 31 January or 1 February and completed a factory reset of their appliance, do not need to factory reset their appliances again, according to Ivanti. 

References

  1. Ivanti Article
  2. WatchTowr Labs Responsible Disclosure 
  3. Arctic Wolf Blog (CVE-2024-21887 & CVE-2023-46805)
  4. Volexity Blog 1 
  5. Volexity Blog 2

See other important security bulletins from Arctic Wolf.

Steven Campbell

Steven Campbell

Steven Campbell is a Senior Threat Intelligence Researcher at Arctic Wolf Labs and has more than eight years of experience in intelligence analysis and security research. He has a strong background in infrastructure analysis and adversary tradecraft.
Share :
Table of Contents
Categories