CVE-2024-21893

Vulnerability updated 7 months ago (2024-05-04T20:49:47.777Z)
CVE-2024-21893 is a server-side request forgery (SSRF) vulnerability in Ivanti's products. It has been exploited in targeted attacks as a zero-day, meaning attackers used it before the vendor became aware of and patched it. Alongside it, Ivanti disclosed a privilege escalation vulnerability in the Web component of Ivanti Connect Secure and Ivanti Policy Secure (CVE-2024-21888), which has not yet been observed in any attacks. Although patches for these vulnerabilities were released on January 31, with one even addressed earlier, attackers have continued to exploit them. Specifically, they have leveraged CVE-2024-21893 to deploy new malware families such as LittleLamb.WoolTea, PitStop, Pitdog, PitJet, and PitHook. This suggests that systems running Ivanti's affected software may still be at risk if the necessary patches have not been applied.

Check Point Harmony IPS provides protection against CVE-2024-21893. The Check Point IPS blade also offers protection against a range of Ivanti-related threats, including an Authentication Bypass (CVE-2023-46805), Command Injection (CVE-2024-21887), and the aforementioned Server-Side Request Forgery (CVE-2024-21893). Organizations are therefore encouraged to apply the vendor-provided patches and use these security measures to strengthen their defensive posture against potential cyberattacks.
Description last updated: 2024-03-21T12:15:40.207Z
Aliases: We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ivanti
Exploit
CISA
Vulnerability
Associated Vulnerabilities
CVE-2023-46805 (Association Type: Unspecified; Votes: 3)
The CVE-2023-46805 Vulnerability is associated with CVE-2024-21893. CVE-2023-46805 is an authentication bypass vulnerability that affects all supported versions of Ivanti Connect Secure and Ivanti Policy Secure (versions 9.x and 22.x). The Cyber Centre first became aware of this flaw, along with a command injection vulnerability (CVE-2024-21887), on January 10, 2024

CVE-2024-21888 (Association Type: Unspecified; Votes: 2)
The CVE-2024-21888 Vulnerability is associated with CVE-2024-21893. CVE-2024-21888 is a software vulnerability identified in Ivanti Connect Secure and Ivanti Policy Secure's Web component. This flaw, which presents as a privilege escalation vulnerability, was discovered during the rollout of updates for other vulnerabilities. Despite its potential severity, there ha

CVE-2024-21887 (Association Type: Unspecified; Votes: 2)
The CVE-2024-21887 Vulnerability is associated with CVE-2024-21893. CVE-2024-21887 is a command injection vulnerability found in the web components of Ivanti Connect Secure and Ivanti Policy Secure, specifically in versions 9.x and 22.x. The Cyber Centre was made aware of this flaw, along with an authentication bypass vulnerability (CVE-2023-46805), on January 10, 2
Source Document References
Information about the CVE-2024-21893 Vulnerability was read from the documents corpus below. This display is limited to 20 results.
Source (CreatedAt)
Securityaffairs (3 months ago)
Securityaffairs (4 months ago)
CERT-EU (9 months ago)
Securityaffairs (4 months ago)
Securityaffairs (4 months ago)
Securityaffairs (4 months ago)
Securityaffairs (5 months ago)
Securityaffairs (5 months ago)
DARKReading (5 months ago)
Securityaffairs (5 months ago)
Securityaffairs (5 months ago)
Securityaffairs (5 months ago)
Securityaffairs (6 months ago)
Securityaffairs (7 months ago)
Securityaffairs (7 months ago)
Securityaffairs (7 months ago)
Unit42 (7 months ago)
Securityaffairs (7 months ago)
InfoSecurity-magazine (8 months ago)
Securityaffairs (8 months ago)