Ivanti Connect Secure Server-Side Request Forgery

Added: 02/05/2024

Background

Ivanti Connect Secure is a web-based remote access VPN.

Problem

A server-side request forgery vulnerability in the SAML component allows attackers to access restricted resources without authentication. This can lead to remote command execution when chained with other vulnerabilities.

Resolution

Apply the appropriate patch referenced in the Ivanti Security Advisory.

References

https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure

Platforms

Linux
