An exploit for the Ivanti Connect Secure XXE vulnerability CVE-2024-22024 is reportedly in circulation.
Ivanti Connect Secure is a secure remote access solution designed to provide users with seamless and protected connectivity to corporate networks and resources from anywhere. It offers robust authentication, encryption, and access control features to ensure the security of remote connections.
The vulnerability is an XML external entity (XXE) issue in the SAML component of Ivanti Connect Secure (versions 9.x, 22.x), Ivanti Policy Secure (versions 9.x, 22.x), and ZTA gateways. Exploiting it lets an attacker access specific restricted resources without authentication.
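Because the flaw sits in SAML XML handling, one defensive control is to refuse any SAML message that carries a DTD before it reaches an XML parser. The following is an added example, not Ivanti code or code from the original page; the function names, verdict strings and sample messages are assumptions constructed for illustration.

```python
import base64
import binascii
import re
import zlib

MAX_XML = 1 << 20  # cap inflated size so the check itself cannot be zip-bombed
# Legitimate SAML messages never need a DTD, so any declaration is rejected.
DTD_MARKER = re.compile(rb"<!(?:DOCTYPE|ENTITY)\b", re.IGNORECASE)


def candidate_documents(param: str) -> list[bytes]:
    """Decode a SAMLRequest/SAMLResponse value into every form a parser might see.

    POST binding is base64(XML); Redirect binding is base64(raw DEFLATE(XML)).
    """
    raw = base64.b64decode(param, validate=True)
    docs = [raw]
    try:
        docs.append(zlib.decompressobj(-15).decompress(raw, MAX_XML))
    except zlib.error:
        pass  # not DEFLATE, so treat as POST binding only
    # Dropping NUL bytes exposes markers hidden by UTF-16/UTF-32 encoding.
    return [d.replace(b"\x00", b"") for d in docs]


def inspect_saml(param: str) -> str:
    """Return 'reject-malformed', 'reject-dtd' or 'pass' for one parameter value."""
    try:
        docs = candidate_documents(param)
    except (binascii.Error, ValueError):
        return "reject-malformed"
    if any(DTD_MARKER.search(d) for d in docs):
        return "reject-dtd"
    return "pass"


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode()


# Constructed sample inputs (not captured traffic).
_BENIGN = b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_constructed1"/>'
_WITH_DTD = b'<!DOCTYPE r [<!ENTITY e SYSTEM "http://example.invalid/e">]><r>&e;</r>'
_deflater = zlib.compressobj(wbits=-15)
SAMPLES = {
    "post_benign": _b64(_BENIGN),
    "post_dtd": _b64(_WITH_DTD),
    "redirect_dtd": _b64(_deflater.compress(_WITH_DTD) + _deflater.flush()),
    "utf16_dtd": _b64(_WITH_DTD.decode().encode("utf-16")),
}
```

A filter like this is a compensating control in front of the SAML endpoint; the underlying fix is a parser that does not resolve external entities.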