CVE-2024-22024
HIGH EXPLOITED NUCLEI
Ivanti Connect Secure - XXE
Title source: nuclei
Description
An XML external entity (XXE) vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways allows an attacker to access certain restricted resources without authentication.
Exploits (2)
github
WRITEUP
7 stars
by cybersecplayground · poc
https://github.com/cybersecplayground/PoC-and-CVE-Reports/tree/main/2024/CVE-2024-22024.md
Nuclei Templates (1)
Ivanti Connect Secure - XXE
HIGH
by watchTowr
Shodan:
html:"welcome.cgi?p=logo" || http.title:"ivanti connect secure" || http.html:"welcome.cgi?p=logo"
FOFA:
body="welcome.cgi?p=logo" || title="ivanti connect secure"
Scores
CVSS v3
8.3
EPSS
0.9425
EPSS Percentile
99.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Details
VulnCheck KEV
2024-02-06
CWE
CWE-611
Status
published
Products (5)
ivanti/connect_secure
9.1 r14.4 (3 CPE variants)
ivanti/connect_secure
22.4 r2.2
ivanti/connect_secure
22.5 r1.1 (2 CPE variants)
ivanti/policy_secure
22.5 r1.1
ivanti/zero_trust_access_gateway
22.6 r1.3
Published
Feb 13, 2024
Tracked Since
Feb 18, 2026