HTTP: Ivanti Connect SecureXML External Entity injection
This signature detects attempts to exploit a known vulnerability against Ivanti Connect. A successful attack can lead to security bypass.
Extended Description
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.
Affected Products
Ivanti zero_trust_access
References
CVE: CVE-2024-22024
Short Name
HTTP:CTS:IVANTI-CONNECT-XXE
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2024-22024 Connect Entity External Ivanti SecureXML injection
Release Date
02/15/2024
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3678
False Positive
Unknown
Vendors
Ivanti