CVE-2024-21893 Report - Details, Severity, & Advisories

Twingate Team

May 30, 2024

What is CVE-2024-21893?

CVE-2024-21893 is a high-severity server-side request forgery (SSRF) vulnerability in the SAML component of Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA. Systems running affected versions of these products are at risk, because the vulnerability allows attackers to access certain restricted resources without authentication. This is particularly concerning for organizations that use these products to secure their networks and resources.

Who is impacted?

The CVE-2024-21893 vulnerability affects users of Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA. It impacts all supported versions, which include versions 9.x and 22.x. Because it allows attackers to access certain restricted resources without authentication, it poses a risk to organizations that use these products to secure their networks and resources.

What to do if CVE-2024-21893 affected you

If you're affected by the CVE-2024-21893 vulnerability, it's crucial to take immediate action. Follow these steps to protect your systems:

  1. Download and apply the patch for Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways from the Ivanti forum.

  2. Monitor the forum for updates on patch availability for remaining supported versions.

  3. Refer to the CISA Binding Operational Directive 22-01 for guidance on prioritizing vulnerability management efforts.

  4. Contact Ivanti support through the Success Portal if you need further assistance.

Is it in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2024-21893 vulnerability, also known as the "Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability," is listed in CISA's Known Exploited Vulnerabilities Catalog. It was added on January 31, 2024, with a due date of February 2, 2024. The required action is to apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weakness Enumeration

The vulnerability is classified as CWE-918 (Server-Side Request Forgery), as it affects Ivanti Connect Secure, Policy Secure, and Neurons for ZTA.

Learn More

CVE-2024-21893 is a high-severity vulnerability affecting Ivanti Connect Secure, Policy Secure, and Neurons for ZTA. For a comprehensive understanding of its description, severity, technical details, and affected software configurations, refer to the NVD page.
