CVE-2024-21893

Tags: HIGH · KEV · RANSOMWARE · NUCLEI

Ivanti SAML - Server Side Request Forgery (SSRF)

Title source: nuclei

Description

A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.

Exploits (2)

Source: nomisec · Working PoC · 95 stars
by h4x0r-dz · infoleak
https://github.com/h4x0r-dz/CVE-2024-21893.py
Source: nomisec · Working PoC · 26 stars
by Chocapikk · remote
https://github.com/Chocapikk/CVE-2024-21893-to-CVE-2024-21887

Nuclei Templates (1)

Ivanti SAML - Server Side Request Forgery (SSRF)
Severity: HIGH · by DhiyaneshDk
Shodan: html:"welcome.cgi?p=logo" || http.title:"ivanti connect secure" || http.html:"welcome.cgi?p=logo"
FOFA: body="welcome.cgi?p=logo" || title="ivanti connect secure"
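The Shodan and FOFA queries above fingerprint exposed Ivanti Connect Secure portals by the welcome.cgi?p=logo marker in the page body or by the page title. The following is an added example (not part of this record or of the Nuclei template) that applies the same fingerprint offline to HTTP response bodies you have already captured, so that a fleet can be triaged without querying a search engine. The sample responses are constructed for illustration; the title match is treated as a case-insensitive substring match, which is an assumption about how the two search engines evaluate their title operators.

```python
"""Apply this record's Shodan/FOFA fingerprint for Ivanti Connect Secure to
captured HTTP response bodies (added example, not the record's own tooling)."""
import re
from html import unescape

# Markers taken directly from the record's Shodan/FOFA queries.
BODY_MARKER = "welcome.cgi?p=logo"
TITLE_MARKER = "ivanti connect secure"


def html_title(body: str) -> str:
    """Return the decoded, whitespace-trimmed <title> text, or '' if absent."""
    m = re.search(r"<title[^>]*>(.*?)</title>", body, re.IGNORECASE | re.DOTALL)
    return unescape(m.group(1)).strip() if m else ""


def matches_ivanti_fingerprint(body: str) -> bool:
    """Mirror the query: body contains the logo marker OR the title names the product.

    Assumption: both comparisons are case-insensitive substring matches.
    """
    if BODY_MARKER in body.lower():
        return True
    return TITLE_MARKER in html_title(body).lower()


def triage(responses: dict) -> list:
    """Return the sorted hostnames whose response body matches the fingerprint."""
    return sorted(host for host, body in responses.items() if matches_ivanti_fingerprint(body))


# Constructed sample responses (hypothetical hosts, not real data).
SAMPLE_RESPONSES = {
    "vpn-a.example.test": (
        "<html><head><title>Welcome</title></head>"
        "<body><img src=\"/welcome.cgi?p=logo\" alt=\"logo\"></body></html>"
    ),
    "vpn-b.example.test": (
        "<html><head><TITLE>Ivanti Connect Secure</TITLE></head><body>login</body></html>"
    ),
    "www.example.test": (
        "<html><head><title>Welcome to nginx!</title></head><body>ok</body></html>"
    ),
}

if __name__ == "__main__":
    for host in triage(SAMPLE_RESPONSES):
        print(f"{host}: matches Ivanti Connect Secure fingerprint; check patch level for CVE-2024-21893")
```

A fingerprint match only tells you a portal is exposed; it says nothing about whether the CVE-2024-21893 fix has been applied. Feed the flagged hosts into your asset inventory and patch records rather than treating the match itself as a finding.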

Scores

CVSS v3 8.2
EPSS 0.9432
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Exploitation Intel

CISA KEV 2024-01-31
VulnCheck KEV 2024-01-15
InTheWild.io 2024-01-31
ENISA EUVD EUVD-2024-19504
Ransomware Use Confirmed

Classification

CWE
CWE-918
Status published

Affected Products (50)

ivanti/connect_secure (15 version entries listed)
... and 35 more

Timeline

Published Jan 31, 2024
KEV Added Jan 31, 2024
Tracked Since Feb 18, 2026