CVSS: 8.5EPSS: 96%CPEs: 81EXPL: 12CVE-2023-46805 – Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-46805
12 Jan 2024 — An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. Una vulnerabilidad de omisión de autenticación en el componente web de Ivanti ICS 9.x, 22.x e Ivanti Policy Secure permite a un atacante remoto acceder a recursos restringidos omitiendo las comprobaciones de control. Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways... • https://packetstorm.news/files/id/176668 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 60EXPL: 0CVE-2023-39340
https://notcve.org/view.php?id=CVE-2023-39340
16 Dec 2023 — A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance. Existe una vulnerabilidad en todas las versiones de Ivanti Connect Secure inferiores a 22.6R2 donde un atacante puede enviar una solicitud específica que puede provocar una denegación de servicio (DoS) del dispositivo. • https://forums.ivanti.com/s/article/Security-fix-release-Ivanti-Connect-Secure-22-6R2-and-22-6R2-1?language=en_US •
CVSS: 8.3EPSS: 0%CPEs: 53EXPL: 0CVE-2023-41719
https://notcve.org/view.php?id=CVE-2023-41719
14 Dec 2023 — A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution. Existe una vulnerabilidad en todas las versiones de Ivanti Connect Secure inferiores a 22.6R2 donde un atacante que se hace pasar por un administrador puede crear una solicitud web específica que puede conducir a la ejecución remota de código. • https://forums.ivanti.com/s/article/Security-patch-release-Ivanti-Connect-Secure-22-6R2-and-22-6R2-1?language=en_US •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2023-41720
https://notcve.org/view.php?id=CVE-2023-41720
14 Dec 2023 — A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting a vulnerable installed application. This vulnerability allows the attacker to gain elevated execution privileges on the affected system. Existe una vulnerabilidad en todas las versiones de Ivanti Connect Secure inferiores a 22.6R2 donde un atacante con un punto de apoyo en un dispositivo Ivanti Connect Secure (I... • https://forums.ivanti.com/s/article/Security-patch-release-Ivanti-Connect-Secure-22-6R2-and-22-6R2-1?language=en_US •