===================================================================== 

CERT-Renater 

Note d'Information No. 2024/VULN082 
_____________________________________________________________________ 

DATE : 09/02/2024 

HARDWARE PLATFORM(S): / 

OPERATING SYSTEM(S): Systems running Ivanti Connect Secure (ICS), 
Ivanti Policy Secure gateways, 
Ivanti Neurons for ZTA gateways. 

===================================================================== 
https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US 
____________________________________________________________ 


CVE-2024-22024 (XXE) for Ivanti Connect Secure and Ivanti Policy Secure 

Primary Product 

Created Date 
8 Feb 2024 18:54:22 

Last Modified Date 
8 Feb 2024 18:59:06 

DESCRIPTION: 
As part of our ongoing investigation into the vulnerabilities 
impacting Ivanti Connect Secure, Ivanti Policy Secure and ZTA 
gateways, we have discovered a new vulnerability. 
This vulnerability only affects a limited number of supported 
versions – Ivanti Connect Secure (version 9.1R14.4, 9.1R17.2, 
9.1R18.3, 22.4R2.2 and 22.5R1.1), Ivanti Policy Secure version 
22.5R1.1 and ZTA version 22.6R1.3. 

A patch is available now for Ivanti Connect Secure (versions 
9.1R14.5, 9.1R17.3, 9.1R18.4, 22.4R2.3, 22.5R1.2, 22.5R2.3 and 
22.6R2.2), Ivanti Policy Secure (versions 9.1R17.3, 9.1R18.4 
and 22.5R1.2) and ZTA gateways (versions 22.5R1.6, 22.6R1.5 
and 22.6R1.7). 

The mitigation provided on 31 January is effective at blocking 
this vulnerable endpoint and is available now via the standard 
download portal. 
We have no evidence of this vulnerability being exploited in 
the wild as it was found during our internal review and 
testing of our code. 
Customers who applied the patch released on 31 January or 1 
February, and completed a factory reset of their appliance, 
do not need to factory reset their appliances again. 
We have no evidence of any customers being exploited by 
CVE-2024-22024. However, it is critical that you immediately 
take action to ensure you are fully protected. 

The table below provides details on the vulnerabilities: 
CVE Description CVSS Vector 
CVE-2024-22024 An XML external entity or XXE vulnerability in 
the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti 
Policy Secure (9.x, 22.x) and ZTA gateways which allows an 
attacker to access certain restricted resources without 
authentication. 

8.3 /AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L 

Article Number : 
000090576 

Article Promotion Level 
Normal 

https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US 

========================================================= 
+ CERT-RENATER | tel : 01-53-94-20-44 + 
+ 23/25 Rue Daviel | fax : 01-53-94-20-41 + 
+ 75013 Paris | email:cert@support.renater.fr + 
=========================================================