Ivanti has alerted prospects of yet one more high-severity safety flaw in its Join Safe, Coverage Safe, and ZTA gateway units that might permit attackers to bypass authentication.
The problem, tracked as CVE-2024-22024, is rated 8.3 out of 10 on the CVSS scoring system.
“An XML exterior entity or XXE vulnerability within the SAML element of Ivanti Join Safe (9.x, 22.x), Ivanti Coverage Safe (9.x, 22.x) and ZTA gateways which permits an attacker to entry sure restricted assets with out authentication,” the corporate mentioned in an advisory.
The corporate mentioned it found the flaw throughout an inside evaluate as a part of its ongoing investigation into a number of safety weaknesses within the merchandise which have come to gentle for the reason that begin of the yr, together with CVE-2023-46805, CVE-2024-21887, CVE-2024-21888, and CVE-2024-21893.
CVE-2024-22024 impacts the next variations of the merchandise –
- Ivanti Join Safe (variations 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2, and 22.5R1.1)
- Ivanti Coverage Safe (model 22.5R1.1)
- ZTA (model 22.6R1.3)
Patches for the bug can be found in Join Safe variations 9.1R14.5, 9.1R17.3, 9.1R18.4, 22.4R2.3, 22.5R1.2, 22.5R2.3, and 22.6R2.2; Coverage Safe variations 9.1R17.3, 9.1R18.4, and 22.5R1.2; and ZTA variations 22.5R1.6, 22.6R1.5, and 22.6R1.7.
Ivanti mentioned there is no such thing as a proof of lively exploitation of the flaw, however with CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893 coming beneath broad abuse, it is crucial that customers transfer rapidly to use the newest fixes.
Replace
Cybersecurity agency watchTowr, which mentioned it disclosed CVE-2024-22024 to Ivanti in early February 2024, famous the problem stems from an incorrect repair for CVE-2024-21893 that was launched within the newest model of the software program.
“XXE is an introduction to quite a lot of impacts: DOS, Native File Learn, and SSRF,” it mentioned. “The affect, plainly, of the SSRF relies on what protocols can be found for utilization.”
