← back
CVE-2023-46805

CVE-2023-46805

CVSS 8.2 HIGHEPSS 100.0%● KEV
In short

Ivanti ICS and Policy Secure have a flaw that lets remote attackers skip authentication checks and access restricted resources they shouldn't be able to reach. This is dangerous because it allows unauthorized access to sensitive system components.

Technical detail

An authentication bypass exists in Ivanti ICS (9.x, 22.x) and Policy Secure web components that permits remote attackers to circumvent access control mechanisms without valid credentials. The vulnerability allows unauthorized access to restricted resources; no user interaction is required, making it a direct network-exploitable vector with high impact on confidentiality and integrity.

Summary generated and translated by AI from the official description.
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Affected products
Ivanti · ICSIvanti · IPS
public PoCs found9
githubgithub.com/Chocapikk/CVE-2023-4680514githubgithub.com/seajaysec/Ivanti-Connect-Around-Scan12githubgithub.com/yoryio/CVE-2023-4680510githubgithub.com/Hexastrike/Ivanti-Connect-Secure-Logs-Parser5githubgithub.com/cbeek-r7/CVE-2023-468055githubgithub.com/raminkarimkhani1996/CVE-2023-46805_CVE-2024-218875githubgithub.com/w2xim3/CVE-2023-468052githubgithub.com/rxwx/pulse-meter1cve_referencepacketstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.htmlunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.htmlhttps://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_UShttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-46805