CVE-2023-46805 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability

Exploit added

January 10, 2024

Action due

January 22, 2024

Action required

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

References

Weakness Enumeration

CWE-ID	CWE Name
CWE-287	Improper Authentication

Known Affected Software Configurations

cpe:2.3:a:ivanti:connect_secure:9.0:rx::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r4.0::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r2.0::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r1.0::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r3.0::::::
cpe:2.3:a:ivanti:policy_secure:9.0:r1::::::
cpe:2.3:a:ivanti:policy_secure:9.0:-::::::
cpe:2.3:a:ivanti:policy_secure:9.0:r3::::::
cpe:2.3:a:ivanti:policy_secure:9.0:r4::::::
cpe:2.3:a:ivanti:policy_secure:9.0:r2.1::::::
cpe:2.3:a:ivanti:policy_secure:9.0:r2::::::
cpe:2.3:a:ivanti:policy_secure:9.0:r3.1::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r15.2::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r3::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r2.1::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r3.1::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r2::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r6.0::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r1::::::
cpe:2.3:a:ivanti:connect_secure:22.6:r2::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r3.3::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r5.0::::::
cpe:2.3:a:ivanti:connect_secure:22.6:r1::::::
cpe:2.3:a:ivanti:connect_secure:9.0:-::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r4::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r3.5::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r3.2::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r4.1::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r11.4::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r12.1::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r9.1::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r12::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r17::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r13.1::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r13::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r14::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r2::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r11::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r18::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r11.5::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r1::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r17.1::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r4.2::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r3::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r4::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r5::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r6::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r4.3::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r8.1::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r8.2::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r8::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r7::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r10::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r9::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r4.1::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r11.3::::::
cpe:2.3:a:ivanti:policy_secure:22.2:r3::::::
cpe:2.3:a:ivanti:policy_secure:22.3:r1::::::
cpe:2.3:a:ivanti:policy_secure:22.3:r3::::::
cpe:2.3:a:ivanti:policy_secure:22.4:r2.1::::::
cpe:2.3:a:ivanti:policy_secure:22.4:r2::::::
cpe:2.3:a:ivanti:policy_secure:22.5:r1::::::
cpe:2.3:a:ivanti:policy_secure:22.5:r2.1::::::
cpe:2.3:a:ivanti:policy_secure:22.6:r1::::::
cpe:2.3:a:ivanti:policy_secure:22.4:r1::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r10::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r11::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r12::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r13::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r4.2::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r9::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r14::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r17::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r18::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r1::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r2::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r3.1::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r3::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r4.1::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r8::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r13.1::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r4::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r5::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r6::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r8.2::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r8.1::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r7::::::
cpe:2.3:a:ivanti:policy_secure:22.1:r6::::::
cpe:2.3:a:ivanti:connect_secure:22.6:-::::::
cpe:2.3:a:ivanti:connect_secure:22.5:r2.1::::::
cpe:2.3:a:ivanti:connect_secure:22.1:r6::::::
cpe:2.3:a:ivanti:connect_secure:22.3:r1::::::
cpe:2.3:a:ivanti:connect_secure:22.4:r1::::::
cpe:2.3:a:ivanti:connect_secure:22.4:r2.1::::::
cpe:2.3:a:ivanti:connect_secure:22.2:r1::::::
cpe:2.3:a:ivanti:policy_secure:22.2:r1::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r15::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r16.1::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r16::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r15::::::

Details

Source:
NVD

Published:
January 12, 2024

Updated:
June 10, 2024

Risk information

CVSS v3

Base score:
8.2

Severity:

HIGH

Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CVSS v2

Not defined