CVSS: 8.5EPSS: 96%CPEs: 81EXPL: 12CVE-2023-46805 – Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-46805
12 Jan 2024 — An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. Una vulnerabilidad de omisión de autenticación en el componente web de Ivanti ICS 9.x, 22.x e Ivanti Policy Secure permite a un atacante remoto acceder a recursos restringidos omitiendo las comprobaciones de control. Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways... • https://packetstorm.news/files/id/176668 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 60EXPL: 0CVE-2023-39340
https://notcve.org/view.php?id=CVE-2023-39340
16 Dec 2023 — A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance. Existe una vulnerabilidad en todas las versiones de Ivanti Connect Secure inferiores a 22.6R2 donde un atacante puede enviar una solicitud específica que puede provocar una denegación de servicio (DoS) del dispositivo. • https://forums.ivanti.com/s/article/Security-fix-release-Ivanti-Connect-Secure-22-6R2-and-22-6R2-1?language=en_US •
CVSS: 8.3EPSS: 0%CPEs: 53EXPL: 0CVE-2023-41719
https://notcve.org/view.php?id=CVE-2023-41719
14 Dec 2023 — A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution. Existe una vulnerabilidad en todas las versiones de Ivanti Connect Secure inferiores a 22.6R2 donde un atacante que se hace pasar por un administrador puede crear una solicitud web específica que puede conducir a la ejecución remota de código. • https://forums.ivanti.com/s/article/Security-patch-release-Ivanti-Connect-Secure-22-6R2-and-22-6R2-1?language=en_US •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2023-41720
https://notcve.org/view.php?id=CVE-2023-41720
14 Dec 2023 — A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting a vulnerable installed application. This vulnerability allows the attacker to gain elevated execution privileges on the affected system. Existe una vulnerabilidad en todas las versiones de Ivanti Connect Secure inferiores a 22.6R2 donde un atacante con un punto de apoyo en un dispositivo Ivanti Connect Secure (I... • https://forums.ivanti.com/s/article/Security-patch-release-Ivanti-Connect-Secure-22-6R2-and-22-6R2-1?language=en_US •
CVSS: 7.8EPSS: 0%CPEs: 76EXPL: 0CVE-2022-35254
https://notcve.org/view.php?id=CVE-2022-35254
05 Dec 2022 — An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1. Un atacante no autenticado puede provocar una Denegación de Servicio (DoS) a los siguientes productos: Ivanti Connect Secure (ICS) en versiones anteriores a 9.1R14.3, 9.1R15.2, 9.1R16.2 y 22.2R4, Iva... • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA45520/?kA23Z000000GH5OSAW • CWE-400: Uncontrolled Resource Consumption CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 76EXPL: 0CVE-2022-35258
https://notcve.org/view.php?id=CVE-2022-35258
05 Dec 2022 — An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1. Un atacante no autenticado puede provocar una Denegación de Servicio (DoS) a los siguientes productos: Ivanti Connect Secure (ICS) en versiones anteriores a 9.1R14.3, 9.1R15.2, 9.1R16.2 y 22.2R4, Iva... • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA45520/?kA23Z000000GH5OSAW • CWE-128: Wrap-around Error CWE-682: Incorrect Calculation •