CVSS: 8.2EPSS: 96%CPEs: 81EXPL: 5CVE-2023-46805 – Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-46805
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. Una vulnerabilidad de omisión de autenticación en el componente web de Ivanti ICS 9.x, 22.x e Ivanti Policy Secure permite a un atacante remoto acceder a recursos restringidos omitiendo las comprobaciones de control. Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the web component that allows an attacker to access restricted resources by bypassing control checks. This vulnerability can be leveraged in conjunction with CVE-2024-21887, a command injection vulnerability. • https://github.com/w2xim3/CVE-2023-46805 https://github.com/Chocapikk/CVE-2023-46805 https://github.com/yoryio/CVE-2023-46805 https://github.com/cbeek-r7/CVE-2023-46805 http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US https://attackerkb.com/topics/AdUh6by52K/cve-2023& • CWE-287: Improper Authentication •
CVSS: 9.6EPSS: 0%CPEs: 6EXPL: 0CVE-2023-39336
https://notcve.org/view.php?id=CVE-2023-39336
An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RCE on the core server. Una vulnerabilidad de inyección SQL no especificada en Ivanti Endpoint Manager lanzada antes de 2022 SU 5 permite a un atacante con acceso a la red interna ejecutar consultas SQL arbitrarias y recuperar resultados sin necesidad de autenticación. En circunstancias específicas, esto también puede provocar RCE en el servidor central. • https://forums.ivanti.com/s/article/SA-2023-12-19-CVE-2023-39336?language=en_US • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2023-46220 – Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-46220
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Un atacante que envía paquetes de datos especialmente manipulados a Mobile Device Server puede provocar daños en la memoria, lo que podría provocar una denegación de servicio (DoS) o la ejecución de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. • https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2023-46261 – Ivanti Avalanche WLInfoRailService Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-46261
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Un atacante que envía paquetes de datos especialmente manipulados a Mobile Device Server puede provocar daños en la memoria, lo que podría provocar una denegación de servicio (DoS) o la ejecución de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLInfoRailService. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. • https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt • CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 2%CPEs: 1EXPL: 0CVE-2023-46266 – Ivanti Avalanche SecureFilter Content-Type Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-46266
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Un atacante puede enviar una solicitud especialmente manipulada que podría provocar una fuga de datos confidenciales o potencialmente un ataque DoS basado en recursos. This vulnerability allows remote attackers to partially bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecureFilter class. The issue results from improper handling of the requested URI and accompanying Content-Type HTTP request header. • https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt •