CVE-2023-46805

Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability

Severity Score

8.2

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

*SSVC

Descriptions

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

Una vulnerabilidad de omisión de autenticación en el componente web de Ivanti ICS 9.x, 22.x e Ivanti Policy Secure permite a un atacante remoto acceder a recursos restringidos omitiendo las comprobaciones de control.

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the web component that allows an attacker to access restricted resources by bypassing control checks. This vulnerability can be leveraged in conjunction with CVE-2024-21887, a command injection vulnerability.

*Credits: N/A

CVSS Scores

NISTv3.1 8.2

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-10-27 CVE Reserved
2024-01-10 Exploited in Wild
2024-01-10 First Exploit
2024-01-12 CVE Published
2024-01-22 KEV Due Date
2024-08-02 CVE Updated
2024-08-30 EPSS Updated

CWE

CWE-287: Improper Authentication

CAPEC

References (9)

URL	Tag	Source
https://attackerkb.com/topics/AdUh6by52K/cve-2023-46805/rapid7-analysis
https://labs.watchtowr.com/welcome-to-2024-the-sslvpn-chaos-continues-ivanti-cve-2023-46805-cve-2024-21887

URL	Date	SRC
https://github.com/w2xim3/CVE-2023-46805	2024-01-25
https://github.com/Chocapikk/CVE-2023-46805	2024-01-19
https://github.com/yoryio/CVE-2023-46805	2024-07-23
https://github.com/cbeek-r7/CVE-2023-46805	2024-01-19
http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html	2024-08-02
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/ivanti_connect_secure_rce_cve_2023_46805.rb	2024-01-10

URL	Date	SRC

URL	Date	SRC
https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US	2024-06-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.0 Search vendor "Ivanti" for product "Connect Secure" and version "9.0"		-		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1 Search vendor "Ivanti" for product "Connect Secure" and version "9.1"		r1		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1 Search vendor "Ivanti" for product "Connect Secure" and version "9.1"		r10		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1 Search vendor "Ivanti" for product "Connect Secure" and version "9.1"		r11		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1 Search vendor "Ivanti" for product "Connect Secure" and version "9.1"		r11.3		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1 Search vendor "Ivanti" for product "Connect Secure" and version "9.1"		r11.4		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1 Search vendor "Ivanti" for product "Connect Secure" and version "9.1"		r11.5		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1 Search vendor "Ivanti" for product "Connect Secure" and version "9.1"		r12		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1 Search vendor "Ivanti" for product "Connect Secure" and version "9.1"		r12.1		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1 Search vendor "Ivanti" for product "Connect Secure" and version "9.1"		r13		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1 Search vendor "Ivanti" for product "Connect Secure" and version "9.1"		r13.1		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1 Search vendor "Ivanti" for product "Connect Secure" and version "9.1"		r14		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1 Search vendor "Ivanti" for product "Connect Secure" and version "9.1"		r15		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1 Search vendor "Ivanti" for product "Connect Secure" and version "9.1"		r15.2		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1 Search vendor "Ivanti" for product "Connect Secure" and version "9.1"		r16		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1 Search vendor "Ivanti" for product "Connect Secure" and version "9.1"		r16.1		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1 Search vendor "Ivanti" for product "Connect Secure" and version "9.1"		r17		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1 Search vendor "Ivanti" for product "Connect Secure" and version "9.1"		r17.1		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1 Search vendor "Ivanti" for product "Connect Secure" and version "9.1"		r18		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1 Search vendor "Ivanti" for product "Connect Secure" and version "9.1"		r2		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1 Search vendor "Ivanti" for product "Connect Secure" and version "9.1"		r3		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1 Search vendor "Ivanti" for product "Connect Secure" and version "9.1"		r4		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1 Search vendor "Ivanti" for product "Connect Secure" and version "9.1"		r4.1		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1 Search vendor "Ivanti" for product "Connect Secure" and version "9.1"		r4.2		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1 Search vendor "Ivanti" for product "Connect Secure" and version "9.1"		r4.3		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1 Search vendor "Ivanti" for product "Connect Secure" and version "9.1"		r5		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1 Search vendor "Ivanti" for product "Connect Secure" and version "9.1"		r6		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1 Search vendor "Ivanti" for product "Connect Secure" and version "9.1"		r7		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1 Search vendor "Ivanti" for product "Connect Secure" and version "9.1"		r8		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1 Search vendor "Ivanti" for product "Connect Secure" and version "9.1"		r8.1		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1 Search vendor "Ivanti" for product "Connect Secure" and version "9.1"		r8.2		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1 Search vendor "Ivanti" for product "Connect Secure" and version "9.1"		r9		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1 Search vendor "Ivanti" for product "Connect Secure" and version "9.1"		r9.1		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				22.1 Search vendor "Ivanti" for product "Connect Secure" and version "22.1"		r1		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				22.1 Search vendor "Ivanti" for product "Connect Secure" and version "22.1"		r6		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				22.2 Search vendor "Ivanti" for product "Connect Secure" and version "22.2"		-		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				22.2 Search vendor "Ivanti" for product "Connect Secure" and version "22.2"		r1		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				22.3 Search vendor "Ivanti" for product "Connect Secure" and version "22.3"		r1		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				22.4 Search vendor "Ivanti" for product "Connect Secure" and version "22.4"		r1		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				22.4 Search vendor "Ivanti" for product "Connect Secure" and version "22.4"		r2.1		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				22.5 Search vendor "Ivanti" for product "Connect Secure" and version "22.5"		r2.1		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				22.6 Search vendor "Ivanti" for product "Connect Secure" and version "22.6"		-		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				22.6 Search vendor "Ivanti" for product "Connect Secure" and version "22.6"		r1		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				22.6 Search vendor "Ivanti" for product "Connect Secure" and version "22.6"		r2		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				9.0 Search vendor "Ivanti" for product "Policy Secure" and version "9.0"		-		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				9.1 Search vendor "Ivanti" for product "Policy Secure" and version "9.1"		r1		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				9.1 Search vendor "Ivanti" for product "Policy Secure" and version "9.1"		r10		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				9.1 Search vendor "Ivanti" for product "Policy Secure" and version "9.1"		r11		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				9.1 Search vendor "Ivanti" for product "Policy Secure" and version "9.1"		r12		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				9.1 Search vendor "Ivanti" for product "Policy Secure" and version "9.1"		r13		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				9.1 Search vendor "Ivanti" for product "Policy Secure" and version "9.1"		r13.1		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				9.1 Search vendor "Ivanti" for product "Policy Secure" and version "9.1"		r14		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				9.1 Search vendor "Ivanti" for product "Policy Secure" and version "9.1"		r15		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				9.1 Search vendor "Ivanti" for product "Policy Secure" and version "9.1"		r16		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				9.1 Search vendor "Ivanti" for product "Policy Secure" and version "9.1"		r17		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				9.1 Search vendor "Ivanti" for product "Policy Secure" and version "9.1"		r18		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				9.1 Search vendor "Ivanti" for product "Policy Secure" and version "9.1"		r2		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				9.1 Search vendor "Ivanti" for product "Policy Secure" and version "9.1"		r3		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				9.1 Search vendor "Ivanti" for product "Policy Secure" and version "9.1"		r3.1		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				9.1 Search vendor "Ivanti" for product "Policy Secure" and version "9.1"		r4		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				9.1 Search vendor "Ivanti" for product "Policy Secure" and version "9.1"		r4.1		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				9.1 Search vendor "Ivanti" for product "Policy Secure" and version "9.1"		r4.2		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				9.1 Search vendor "Ivanti" for product "Policy Secure" and version "9.1"		r5		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				9.1 Search vendor "Ivanti" for product "Policy Secure" and version "9.1"		r6		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				9.1 Search vendor "Ivanti" for product "Policy Secure" and version "9.1"		r7		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				9.1 Search vendor "Ivanti" for product "Policy Secure" and version "9.1"		r8		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				9.1 Search vendor "Ivanti" for product "Policy Secure" and version "9.1"		r8.1		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				9.1 Search vendor "Ivanti" for product "Policy Secure" and version "9.1"		r8.2		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				9.1 Search vendor "Ivanti" for product "Policy Secure" and version "9.1"		r9		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				22.1 Search vendor "Ivanti" for product "Policy Secure" and version "22.1"		r1		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				22.1 Search vendor "Ivanti" for product "Policy Secure" and version "22.1"		r6		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				22.2 Search vendor "Ivanti" for product "Policy Secure" and version "22.2"		r1		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				22.2 Search vendor "Ivanti" for product "Policy Secure" and version "22.2"		r3		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				22.3 Search vendor "Ivanti" for product "Policy Secure" and version "22.3"		r1		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				22.3 Search vendor "Ivanti" for product "Policy Secure" and version "22.3"		r3		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				22.4 Search vendor "Ivanti" for product "Policy Secure" and version "22.4"		r1		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				22.4 Search vendor "Ivanti" for product "Policy Secure" and version "22.4"		r2		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				22.4 Search vendor "Ivanti" for product "Policy Secure" and version "22.4"		r2.1		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				22.5 Search vendor "Ivanti" for product "Policy Secure" and version "22.5"		r1		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				22.5 Search vendor "Ivanti" for product "Policy Secure" and version "22.5"		r2.1		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				22.6 Search vendor "Ivanti" for product "Policy Secure" and version "22.6"		r1		Affected