CVERadar

CVE-2024-21893

Critical Severity
Ivanti
SVRS: 72/100
CVSSv3: 8.2/10
EPSS: 0.9432/1

CVE-2024-21893 is a critical server-side request forgery (SSRF) vulnerability in the SAML component of Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA. Exploiting this flaw allows unauthenticated attackers to access restricted resources, and it poses a significant threat due to the potential for unauthorized data access. The risk is amplified because the vulnerability is exploited in the wild and is included in the CISA KEV catalog. With an SVRS of 72, it is not deemed critical by that score, but it requires prompt attention and patching, especially since active exploits are available. Successful exploitation can lead to internal network reconnaissance and potential compromise of sensitive information. Organizations using affected Ivanti products must prioritize patching CVE-2024-21893 to mitigate the risk of unauthorized access.

In The Wild
CISA KEV
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
2024-01-31

2024-08-14
SOCRadar AI Insight

Description: Information regarding CVE-2024-21893 is currently unavailable. As a result, we cannot provide a description of its nature, incorporate the SVRS to highlight the urgency and severity of the threats, or present key insights critical for understanding the cybersecurity implications of this CVE.

Key Insights: Due to the lack of information, we cannot provide key insights into the cybersecurity implications of CVE-2024-21893.

Mitigation Strategies: Since there is no information available about CVE-2024-21893, we cannot recommend specific mitigation strategies or actions.

Additional Information: If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise


Exploits

Title | Software Link | Date
nomi-sec/PoC-in-GitHub | https://github.com/nomi-sec/PoC-in-GitHub | 2019-12-08
Chocapikk/CVE-2024-21893-to-CVE-2024-21887 | https://github.com/Chocapikk/CVE-2024-21893-to-CVE-2024-21887 | 2024-02-03
Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability | https://www.cisa.gov/search?g=CVE-2024-21893 | 2024-01-31

News

2025 Ransomware: Business as Usual, Business is Booming
Chris Boyd, 2025-04-08
Rapid7 Labs took a look at internal and publicly-available ransomware data for Q1 2025 and added our own insights to provide a picture of the year thus far—and what you can do now to reduce your attack surface against ransomware. Getting an edge on your adversaries involves understanding their behaviors and their mindset.
rapid7.com

ISC StormCast for Tuesday, February 6th, 2024
Dr. Johannes B. Ullrich, 2024-02-06
Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Time to Spam; Anydesk Update; Latest Ivanti Exploit; Deepfake Exploits.
Public Information and Email Spam: https://isc.sans.edu/diary/Public+Information+and+Email+Spam/30620/
Anydesk Update: https://www.bleepingcomputer.com/news/security/anydesk-says-hackers-breached-its-production-servers-reset-passwords/ https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-213655-1032.pdf
Ivanti POC For CVE-2024-21893: https://attackerkb.com/topics/FGlK1TVnB2/cve-2024-21893/rapid7-analysis
sans.edu

Update #6: Critical vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure - actively exploited - patches available
CERT.at, 2025-04-01
11 January 2024. Description: Security researchers have discovered two severe vulnerabilities in products from Ivanti which, when exploited in combination, allow a complete compromise of the system via openly reachable interfaces. The vulnerabilities are already being exploited by targeted attackers. It can be assumed that, in the near future, on a massive scale
cve-2024-21893
cve-2023-46805
cve-2024-21888
cve-2024-21887

Experts warn of a coordinated surge in the exploitation attempts of SSRF vulnerabilities
Pierluigi Paganini, 2025-03-13
Researchers warn of a “coordinated surge” in the exploitation attempts of SSRF vulnerabilities in multiple platforms. Threat intelligence firm GreyNoise observed Grafana path traversal exploitation attempts before the Server-Side Request Forgery (SSRF) surge on March 9, suggesting the attackers may be leveraging Grafana as an initial entry point for deeper exploitation. The experts believe the […]
securityaffairs.co

400+ IPs Actively Exploiting Multiple SSRF Vulnerabilities In The Wild
Tushar Subhra Dutta, 2025-03-12
A coordinated surge in Server-Side Request Forgery (SSRF) exploitation has been detected across multiple widely used platforms, affecting organizations worldwide. Security monitoring reveals approximately 400 unique IP addresses actively targeting multiple SSRF-related CVEs simultaneously, indicating a sophisticated and potentially dangerous campaign. The exploitation surge began on March 9, 2025, with attackers showing a pattern of […]
cybersecuritynews.com

How to migrate to SASE and zero trust | Kaspersky official blog
Stan Kaminsky, 2025-01-28
SASE components: ZTNA, CASB CSWG, NGFW, SD-WAN, and how they improve network security. The traditional network security model — with a secure perimeter and encrypted channels for external access to that perimeter — is coming apart at the seams. Cloud services and remote working have challenged the very notion of “perimeter”, while the primary method of accessing the perimeter — VPN — has in recent years become a prime attack vector for intruders. Many high-profile hacks began by
kaspersky.com

CVE-2025-0282: Ivanti Connect Secure Zero-Day Vulnerability Exploited In The Wild
Satnam Narang, 2025-01-08
Ivanti disclosed two vulnerabilities in its Connect Secure, Policy Secure and Neurons for ZTA gateway devices, including one flaw that was exploited in the wild as a zero-day. Background: On January 8, Ivanti published a security advisory for two vulnerabilities affecting multiple products including
securityboulevard.com

Social Media

RT @AustinLarsen_: Our team @Mandiant is releasing details on 🇨🇳 #UNC5325, who exploited CVE-2024-21893 and CVE-2024-21887 to deploy novel…
The Ivanti SSRF vulnerability tracked as CVE-2024-21893 is actively exploited in attacks in the wild by multiple threat actors. The Ivanti Server-Side Request Forgery (SSRF) vulnerability, identified as CVE-2024-21893, ... https://t.co/Kr9O84smIF

Affected Software

Configuration 1
Type | Vendor | Product
App | Ivanti | policy_secure
App | Ivanti | connect_secure
App | Ivanti | neurons_for_zero-trust_access

References

Reference | Link
[email protected] | https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US

CWE Details

CWE ID | CWE Name | Description
CWE-918 | Server-Side Request Forgery (SSRF) | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
