CVE-2024-22023: 
Ivanti Connect Secure vulnerability analysis and mitigation

CVE-2024-22023 is an XML entity expansion (XEE) vulnerability discovered in the SAML component of Ivanti Connect Secure (versions 9.x, 22.x) and Ivanti Policy Secure. The vulnerability was disclosed on April 4, 2024, and affects multiple versions of both products. This security flaw allows an unauthenticated attacker to exploit the system through specially crafted XML requests (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L. The flaw is related to improper handling of XML entity expansion in the SAML component, which can be exploited without requiring authentication or user interaction. The vulnerability has been classified under CWE-703 (Improper Check or Handling of Exceptional Conditions) (NVD).

When successfully exploited, this vulnerability can lead to temporary resource exhaustion resulting in a limited-time Denial of Service (DoS) condition. The impact is primarily focused on system availability, with no direct effect on confidentiality or integrity (NVD).

Ivanti has released security updates to address this vulnerability. Organizations using affected versions of Ivanti Connect Secure and Ivanti Policy Secure should upgrade to the latest patched versions: 22.1R6.2, 22.2R4.2, 22.3R1.2, 22.4R1.2, 22.4R2.4, 22.5R1.3, 22.5R2.4, 22.6R2.3, 9.1R14.6, 9.1R15.4, 9.1R16.4, 9.1R17.4, or 9.1R18.5 (CERT-EU).