CVE-2024-21888 is a reserved identifier for a security vulnerability that has not been publicly disclosed yet. According to an Ivanti alert, it is a privilege escalation vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) that enables a user to gain administrator privileges. Malicious actors are actively exploiting this vulnerability, so we strongly recommend updating the affected products to the latest available version. A second vulnerability, CVE-2024-21893, affects the same components.
CVE-2024-21893 is a Server-Side Request Forgery (SSRF) vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x), and Ivanti Neurons for ZTA. This vulnerability allows an attacker to access certain restricted resources without authentication. Malicious actors are actively exploiting it, so we strongly recommend updating the affected products to the latest available version.
Do not confuse this with CVE-2024-23888, which is a Cross-Site Scripting (XSS) vulnerability in Cups Easy (Purchase & Inventory), version 1.03.
Systems vulnerable to CVE-2024-21888
According to the Ivanti alert, systems vulnerable to CVE-2024-21888 are those running versions 9.x and 22.x of the Ivanti Connect Secure and Ivanti Policy Secure products. These products serve as secure remote access and network access control solutions, respectively. We strongly recommend mitigating the risk posed by this vulnerability by updating these products to the latest available version.
How can I determine if my system is running Ivanti Connect Secure or Policy Secure?
To determine if your system is running Ivanti Connect Secure or Policy Secure, follow these steps:
- Open the Windows Control Panel and search for “Programs and Features.”
- Look through the list of installed programs for any entries named Ivanti Connect Secure or Ivanti Policy Secure. If you find them, it indicates that your system is running these products.
You can also check the version of the products by accessing the web administration interface. Open a web browser and enter the IP address or domain name of the Ivanti device you want to check (e.g., https://192.168.1.100 or https://ivanti.example.com).
Log in with your administrator credentials and navigate to the “About” section. There, you can view the product version and build number.
If your system is running any of the versions vulnerable to CVE-2024-21888, I recommend updating the products to the latest available version as soon as possible. You can find more information on how to do this in the Ivanti alert or on the Ivanti forum.
Mitigation & Workaround – CVE-2024-21888 & CVE-2024-21893
As a temporary workaround for CVE-2024-21888 and CVE-2024-21893, users are advised to import the “mitigation.release.20240126.5.xml” file.
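The two sections above boil down to one defender task: take the product and version you read off each appliance's “About” page, decide whether it falls in the affected 9.x/22.x range, and track whether the mitigation file has been imported until the upgrade is done. The script below is an added example that does this for a hand-collected inventory; it is not Ivanti's code or tooling. The hostnames and version strings are constructed sample data, and the version layout it parses (`MAJOR.MINORRnn.PATCH`, e.g. `22.3R1.0`) is an assumption; anything it cannot parse is flagged for manual review rather than silently skipped.

```python
"""Triage an appliance inventory against CVE-2024-21888 / CVE-2024-21893.

Added example, not Ivanti's code. Assumes (host, product, version) triples
collected from each appliance's About page, plus whether the mitigation XML
named in the advisory has already been imported.
"""
import re
from dataclasses import dataclass

# Affected products and major versions as stated in the advisory text.
# None means the product is listed without a version range (treated as affected).
AFFECTED = {
    "CVE-2024-21888": {"Ivanti Connect Secure": {9, 22}, "Ivanti Policy Secure": {9, 22}},
    "CVE-2024-21893": {"Ivanti Connect Secure": {9, 22}, "Ivanti Policy Secure": {9, 22},
                       "Ivanti Neurons for ZTA": None},
}
MITIGATION_FILE = "mitigation.release.20240126.5.xml"  # workaround file named in the advisory

# Assumed version layout, e.g. "22.3R1.0" or "9.1R18.3"; unmatched strings need manual review.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:R(\d+))?(?:\.(\d+))?$")


@dataclass(frozen=True)
class Appliance:
    host: str
    product: str
    version: str
    mitigation_imported: bool = False


def parse_major(version: str):
    """Return the major version as an int, or None if the string is not understood."""
    m = _VERSION_RE.match(version.strip())
    return int(m.group(1)) if m else None


def affected_cves(appliance: Appliance):
    """CVE ids from the advisory that apply to this appliance's product and version."""
    hits = []
    for cve, products in AFFECTED.items():
        if appliance.product not in products:
            continue
        majors = products[appliance.product]
        if majors is None or parse_major(appliance.version) in majors:
            hits.append(cve)
    return hits


def triage(appliances):
    """Map each host to a recommended action derived from the advisory."""
    report = {}
    for a in appliances:
        listed = any(a.product in products for products in AFFECTED.values())
        if not listed:
            report[a.host] = "not an affected product"
            continue
        # ZTA has no version range on the page, so only the other products get a parse check.
        if a.product != "Ivanti Neurons for ZTA" and parse_major(a.version) is None:
            report[a.host] = f"unrecognised version {a.version!r}: check the About page manually"
            continue
        cves = affected_cves(a)
        if not cves:
            report[a.host] = "listed product, version outside the affected range"
        elif a.mitigation_imported:
            report[a.host] = f"{', '.join(cves)}: {MITIGATION_FILE} imported; upgrade still required"
        else:
            report[a.host] = f"{', '.join(cves)}: import {MITIGATION_FILE} now and schedule the upgrade"
    return report


# Constructed sample inventory (hostnames and versions are not real).
INVENTORY = [
    Appliance("vpn-1.example.test", "Ivanti Connect Secure", "22.3R1.0"),
    Appliance("nac-1.example.test", "Ivanti Policy Secure", "9.1R18.3", mitigation_imported=True),
    Appliance("zta-gw.example.test", "Ivanti Neurons for ZTA", "unknown"),
    Appliance("vpn-2.example.test", "Ivanti Connect Secure", "n/a"),
    Appliance("fw-1.example.test", "Other Vendor Firewall", "7.0"),
]

if __name__ == "__main__":
    for host, action in triage(INVENTORY).items():
        print(f"{host:24} {action}")
```

Because the workaround is explicitly temporary, the report keeps flagging mitigated hosts until they are upgraded; dropping them from the list is the failure mode this is meant to prevent.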
Other vulnerabilities: CVE-2024-23888
CVE-2024-23888 is a Cross-Site Scripting (XSS) vulnerability in Cups Easy (Purchase & Inventory), version 1.012. This vulnerability allows a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. It is recommended to update the product to a secure version or apply the mitigation measures provided by the manufacturer.