Ivanti Hit by Fresh Security Snafu: Patch Now to Seal High-Severity Authentication Bypass Leak!

Ivanti’s security salsa gets spicier with a new flaw—CVE-2024-22024—letting hackers tango past authentication. Patch your steps pronto!

Hot Take:

Well, it seems that Ivanti’s been playing “Whack-a-Mole” with security flaws, and this time it’s an XXE vulnerability that’s popped up to say “hello” to all the unpatched devices out there. If you’re using Ivanti’s Connect Secure, Policy Secure, or their ZTA gateways, it might be time to roll up your sleeves and patch things up—before the cyber baddies turn your network into an all-you-can-eat buffet!

Key Points:

  • Ivanti announces a high-severity flaw, CVE-2024-22024, allowing attackers to bypass authentication via an XXE vulnerability in the SAML component.
  • The flaw affects various versions of Ivanti Connect Secure, Policy Secure, and ZTA gateways, and the CVSS score of 8.3 indicates it’s a biggie.
  • Discovered through internal review, CVE-2024-22024 joins the not-so-exclusive club of Ivanti vulnerabilities found this year.
  • Updates and patches are ready for the taking, with Ivanti urging users to apply them quicker than a cat on a hot tin roof.
  • No active exploitation of the flaw has been reported, but considering the recent exploitation of other Ivanti CVEs, it’s better to be safe than sorry.

CVE ID: CVE-2024-21888
State: PUBLISHED
Assigner (short name): hackerone
Date updated: 01/31/2024
Description: A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.

CVE ID: CVE-2023-46805
State: PUBLISHED
Assigner (short name): hackerone
Date updated: 01/12/2024
Description: An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

CVE ID: CVE-2024-22024
State: PUBLISHED
Assigner (short name): hackerone
Date updated: 02/13/2024
Description: An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.

CVE ID: CVE-2024-21893
State: PUBLISHED
Assigner (short name): hackerone
Date updated: 01/31/2024
Description: A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.

CVE ID: CVE-2024-21887
State: PUBLISHED
Assigner (short name): hackerone
Date updated: 01/12/2024
Description: A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
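The XXE class named in the CVE-2024-22024 record above boils down to an XML parser honouring a DTD inside attacker-supplied SAML XML. As an added illustration (this is not Ivanti's code and not the vulnerable component), here is how a SAML consumer can refuse such input outright with Python's standard-library expat parser; the function names and the sample Response are constructed for the example.

```python
import base64
import xml.parsers.expat

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

class UnsafeSamlXml(ValueError):
    """Raised when inbound SAML XML carries a DTD or an entity declaration."""

def parse_saml_response(xml_bytes: bytes) -> dict:
    """Parse a SAML Response, refusing any DOCTYPE or entity declaration before
    an entity could be resolved (the input shape an XXE bug consumes).
    Returns the document element's namespace, local name and attributes."""
    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")
    # Never read parameter entities or an external DTD subset.
    parser.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)
    root = {}
    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeSamlXml(f"DOCTYPE declaration refused (name={name!r})")
    def reject_entity(name, is_param, value, base, sysid, pubid, notation):
        raise UnsafeSamlXml(f"entity declaration refused (name={name!r})")
    def on_start(name, attrs):
        if not root:  # record only the document element
            ns, _, local = name.rpartition(" ")
            root.update(namespace=ns, name=local, attrs=dict(attrs))
    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity
    parser.StartElementHandler = on_start
    parser.Parse(xml_bytes, True)  # exceptions raised in handlers surface here
    if root.get("namespace") != SAMLP_NS or root.get("name") != "Response":
        raise ValueError("document element is not a samlp:Response")
    return root

def parse_saml_response_param(b64_value: str) -> dict:
    """Decode the base64 SAMLResponse form field, then parse it safely."""
    return parse_saml_response(base64.b64decode(b64_value, validate=True))

def saml_xml_verdict(xml_bytes: bytes) -> str:
    """'accepted' or 'rejected: <reason>', suitable for a gateway log line."""
    try:
        parse_saml_response(xml_bytes)
        return "accepted"
    except UnsafeSamlXml as exc:
        return f"rejected: {exc}"

# Constructed samples (not from the advisory): a benign Response, and one with
# the DTD shape an XXE payload needs, pointing at a placeholder URI.
BENIGN = b'<samlp:Response xmlns:samlp="%s" ID="_c1" Version="2.0"/>' % SAMLP_NS.encode()
DTD_SHAPED = b'<!DOCTYPE Response [<!ENTITY ext SYSTEM "file:///placeholder">]>' + BENIGN
B64_BENIGN = base64.b64encode(BENIGN).decode()
```

Rejecting the DOCTYPE at the parser level means the decision is made before any entity is looked up, which is also a clean signal to log and alert on at the gateway.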

Need to know more?

When Patches Become Your Besties

Imagine you're enjoying a peaceful day at the digital park, and suddenly, an XXE (XML External Entity, or as we like to call it, eXtra Xtra Emergency) vulnerability swings by, uninvited. That's what users of Ivanti's Connect Secure, Policy Secure, and ZTA gateways are dealing with right now. Thankfully, Ivanti's not leaving anyone high and dry. They've got patches galore, serving up a digital buffet of updates to slap that vulnerability out of the park.

A Vulnerability Parade

It's like Ivanti's vulnerabilities decided to have a reunion, and everyone's invited! CVE-2024-22024 is just the latest addition to a growing list of security party crashers that have surfaced this year. If you're sporting one of the affected versions, it's time to get your patch on and join the update fiesta. Think of it as an exclusive club, where the bouncers are patches, and the only way to get in is to update your way to safety.

No Exploitation? No Complacency!

Now, just because the cyber villains haven't started their attack doesn't mean you can kick back and relax. Ivanti's previous vulnerabilities have seen some action, which is like a neon "Open for Hacking" sign in the world of cybersecurity. Patching up is like taking down that sign and putting up a "Beware of the Dog" instead. And in this case, the dog is a fierce patch that keeps the attackers at bay.

Conclusion: The Patching Marathon

So, what's the moral of the story? It's simple: Patch, patch, and then patch some more. Ivanti's doing their part by providing the fixes, and it's up to users to take a brisk jog (or sprint) down Patch Lane. Remember, in the race against vulnerabilities, the only way to win is to stay ahead—and that means keeping your software up to date. So, lace up those sneakers and get patching!

Tags: authentication bypass, CVE-2024-22024, CVSS score, Ivanti Security Update, Patch Releases, SAML Authentication Flaw, XXE Vulnerability