XXE in Ivanti Connect Secure, Policy Secure and Neurons (CVE-2024-22024) - Vulnerability Database

XXE in Ivanti Connect Secure, Policy Secure and Neurons (CVE-2024-22024)

Description

CVE-2024-22024 is an XML External Entity (XXE) injection vulnerability affecting Ivanti Connect Secure, Policy Secure, and Neurons for Zero Trust Access (ZTA). This vulnerability allows unauthenticated remote attackers to send specially crafted XML requests to vulnerable web application endpoints, enabling extraction of sensitive files from the server's file system, execution of server-side request forgery (SSRF) attacks, or triggering denial-of-service conditions.

Remediation

Apply security patches immediately by upgrading to the latest patched versions as specified in Ivanti's security advisory for CVE-2024-22024. Consult the official Ivanti security bulletin to identify the specific version appropriate for your deployment (Connect Secure, Policy Secure, or Neurons for ZTA).

Immediate Actions:
• Review Ivanti's official advisory at forums.ivanti.com for version-specific patch information
• Schedule and apply patches during the next available maintenance window
• Verify successful patch installation by checking the version number post-upgrade

Interim Mitigation (if immediate patching is not possible):
• Restrict network access to the affected systems using firewall rules or network segmentation
• Monitor logs for suspicious XML processing activity or unexpected outbound connections
• Implement web application firewall (WAF) rules to detect and block XXE attack patterns
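As an added illustration of the monitoring and WAF bullets above (example code, not Invicti's or Ivanti's own), a Python check that classifies an XML request body by the XXE indicators the description lists: external entity declarations (file disclosure / SSRF), parameter entities, and nested internal entity expansion (denial of service). The sample request bodies are constructed and the expansion threshold is an assumed tuning value.

```python
import re

# Indicators of entity-based XML attacks. All of them require a DOCTYPE, so a
# body without one is passed through without further inspection.
DOCTYPE_RE = re.compile(r"<!DOCTYPE\b", re.IGNORECASE)
# <!ENTITY name SYSTEM "..."> or <!ENTITY % name PUBLIC "..." "...">
EXTERNAL_ENTITY_RE = re.compile(
    r"<!ENTITY\s+%?\s*[\w.-]+\s+(SYSTEM|PUBLIC)\b", re.IGNORECASE)
# <!ENTITY % name ...> : parameter entities are the usual vehicle for out-of-band XXE
PARAM_ENTITY_RE = re.compile(r"<!ENTITY\s+%\s*[\w.-]+", re.IGNORECASE)
# <!ENTITY name "literal value"> : internal entities used for expansion attacks
INTERNAL_ENTITY_RE = re.compile(r'<!ENTITY\s+([\w.-]+)\s+"([^"]*)"', re.IGNORECASE)
ENTITY_REF_RE = re.compile(r"&([\w.-]+);")


def xxe_findings(body: str, expansion_limit: int = 1000) -> list[str]:
    """Return the XXE indicators found in an XML request body (empty list = nothing suspicious)."""
    findings: list[str] = []
    if not DOCTYPE_RE.search(body):
        return findings
    if EXTERNAL_ENTITY_RE.search(body):
        findings.append("external entity declaration (file disclosure / SSRF)")
    if PARAM_ENTITY_RE.search(body):
        findings.append("parameter entity declaration (out-of-band XXE)")
    # Estimate the fully expanded size of each internal entity, in declaration
    # order, so that nested references (a -> b -> c ...) accumulate.
    expanded: dict[str, int] = {}
    for name, value in INTERNAL_ENTITY_RE.findall(body):
        literal = len(ENTITY_REF_RE.sub("", value))
        referenced = sum(expanded.get(ref, 0) for ref in ENTITY_REF_RE.findall(value))
        expanded[name] = literal + referenced
    if expanded and max(expanded.values()) > expansion_limit:   # assumed threshold
        findings.append("entity expansion exceeds limit (denial of service)")
    return findings


# Constructed sample bodies for illustration; not traffic captured from any real device.
SAMPLE_REQUESTS = {
    "clean": '<?xml version="1.0"?><request><user>alice</user></request>',
    "file_read": ('<?xml version="1.0"?><!DOCTYPE r [<!ENTITY ext SYSTEM '
                  '"file:///example/secret.txt">]><r>&ext;</r>'),
    "oob_param": ('<!DOCTYPE r [<!ENTITY % dtd SYSTEM "http://internal.example/x.dtd">'
                  ' %dtd;]><r/>'),
    "expansion": ('<!DOCTYPE r [<!ENTITY a "' + "a" * 10 + '">'
                  '<!ENTITY b "' + "&a;" * 10 + '"><!ENTITY c "' + "&b;" * 10 + '">'
                  '<!ENTITY d "' + "&c;" * 10 + '">]><r>&d;</r>'),
}

if __name__ == "__main__":
    for label, body in SAMPLE_REQUESTS.items():
        print(f"{label}: {xxe_findings(body) or 'no XXE indicators'}")
```

A WAF or log-pipeline rule built on the same indicators should be paired with the vendor patch, since a regex pre-filter is a stopgap rather than a fix for the parser itself.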

Post-Patch Verification:
• Conduct vulnerability scanning to confirm CVE-2024-22024 is remediated
• Review system logs for any indicators of prior exploitation
• Verify that all instances of affected products in your environment have been updated
