CVE-2024-21893

Tags: HIGH, KEV, RANSOMWARE, NUCLEI

Ivanti SAML - Server Side Request Forgery (SSRF)

Title source: nuclei

Description

A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.

Exploits (3)

nomisec · working PoC · 95 stars · by h4x0r-dz · infoleak · https://github.com/h4x0r-dz/CVE-2024-21893.py
nomisec · working PoC · 26 stars · by Chocapikk · remote · https://github.com/Chocapikk/CVE-2024-21893-to-CVE-2024-21887
metasploit · working PoC · excellent · by sfewer-r7 · rubypoc · https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/ivanti_connect_secure_rce_cve_2024_21893.rb

Nuclei Templates (1)

Ivanti SAML - Server Side Request Forgery (SSRF)
HIGH · by DhiyaneshDk
Shodan: html:"welcome.cgi?p=logo" || http.title:"ivanti connect secure" || http.html:"welcome.cgi?p=logo"
FOFA: body="welcome.cgi?p=logo" || title="ivanti connect secure"

Scores

CVSS v3 8.2
EPSS 0.9432
EPSS Percentile 100.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Details

CISA KEV 2024-01-31
VulnCheck KEV 2024-01-15
InTheWild.io 2024-01-31
ENISA EUVD EUVD-2024-19504
Ransomware Use Confirmed
CWE CWE-918
Status published
Products (5)
ivanti/connect_secure 9.0 (13 CPE variants)
ivanti/connect_secure 9.1 r1 (34 CPE variants)
ivanti/connect_secure 21.9 r1
ivanti/connect_secure 21.12 r1
ivanti/connect_secure 22.1 r1
Published Jan 31, 2024
KEV Added Jan 31, 2024
Tracked Since Feb 18, 2026