Activity Feed

Ratings
  • Attacker Value
    Very High
  • Exploitability
    Very High
Technical Analysis

CVE-2024-20767 highlights a vulnerability in a ColdFusion application, specifically within a server management component (/CFIDE/adminapi/_servermanager/servermanager.cfc). This component, intended for managing server operations, can be manipulated to execute unauthorized actions due to improper security checks on user access levels.

The vulnerability arises because the application fails to adequately verify the permissions of certain classes, allowing a class with a specific access level (identified as “3”) to bypass security measures. Attackers can exploit this oversight by dissecting the application’s files to target the getHeartBeat class, which is not properly secured. Once access is gained, attackers can call internal methods that should be restricted, leading to unauthorized actions such as reading sensitive files or downloading data dumps from the server.

This issue is particularly concerning because it allows attackers to use a unique identifier (UUID) generated by the application to fake authorization, gaining access to a servlet (PMSGenericServlet) meant for privileged operations. The exploitation of this servlet could lead to further unauthorized activities, such as reading or altering files on the server, by manipulating parameters like the username and filename in requests.

From an example at http://jeva.cc/2973.html, a POC would look like:
Get /pms?module=logging&file_name=../../../../../../../etc/passwd&number_of_lines=10000
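
The request shape quoted above is something a defender can hunt for in web-server access logs. The following Python example is added here and is not part of the original assessment or of any Adobe code; the log lines are constructed, not real traffic. It parses combined-format entries, isolates requests to /pms, and flags any file_name value that escapes the intended log directory after repeated percent-decoding (so single- and double-encoded traversal is caught as well).

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access log (combined format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Apr/2024:10:00:01 +0000] "GET /pms?module=logging&file_name=../../../../../../../etc/passwd&number_of_lines=10000 HTTP/1.1" 200 2311
203.0.113.6 - - [01/Apr/2024:10:00:02 +0000] "GET /pms?module=logging&file_name=%2e%2e%2f%2e%2e%2fetc%2fpasswd&number_of_lines=50 HTTP/1.1" 200 1024
203.0.113.7 - - [01/Apr/2024:10:00:03 +0000] "GET /pms?module=logging&file_name=%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 0
198.51.100.9 - - [01/Apr/2024:10:00:04 +0000] "GET /pms?module=logging&file_name=coldfusion-out.log&number_of_lines=100 HTTP/1.1" 200 5120
198.51.100.10 - - [01/Apr/2024:10:00:05 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 900
"""

# source, timestamp, method, request target and status from a combined-format line
REQUEST_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def full_decode(value, rounds=3):
    """Percent-decode until stable (bounded) to defeat double/triple encoding."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def escapes_log_dir(file_name):
    """True if the (fully decoded) file_name climbs out of, or bypasses, the log directory."""
    decoded = full_decode(file_name).replace("\\", "/")
    return "../" in decoded or decoded.startswith("/")

def find_pms_traversal(log_text):
    """Return (source IP, HTTP status, decoded file_name) for each suspicious /pms request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if parts.path.lower() != "/pms":
            continue
        # parse_qs performs one round of decoding; full_decode handles the rest
        params = parse_qs(parts.query, keep_blank_values=True)
        for fname in params.get("file_name", []):
            if escapes_log_dir(fname):
                hits.append((m.group("src"), int(m.group("status")), full_decode(fname)))
    return hits

if __name__ == "__main__":
    for src, status, fname in find_pms_traversal(SAMPLE_LOG):
        print(f"{src} status={status} file_name={fname}")
```

A 404 or 403 on such a request still deserves attention, since it may indicate probing against a patched host.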

Technical Analysis

Ivanti Standalone Sentry serves as a conduit, connecting devices with an organization’s ActiveSync-compatible email systems (like Microsoft Exchange Server) or other backend resources (such as Microsoft SharePoint server). It’s also capable of functioning as a Kerberos Key Distribution Center Proxy (KKDCP) server.

While specifics on the vulnerability remain undisclosed, Ivanti has stated that an unauthenticated attacker, if present on the same physical or logical network, could leverage CVE-2023-41724 to carry out unauthorized command execution on the operating system of the appliance.

The firm also highlighted that this security issue cannot be exploited over the internet by threat actors lacking a valid TLS client certificate obtained through EPMM.

This security flaw impacts all supported versions of Ivanti Standalone Sentry (versions 9.17.0, 9.18.0, and 9.19.0), in addition to older, no longer supported versions (below 9.17.0). Users of these older versions are encouraged to update to a supported release and apply the corresponding patch (versions 9.17.1, 9.18.1, or 9.19.1).

Technical Analysis

To be published soon.