Lucene search
HistoryDec 14, 2023 - 2:15 a.m.
CVE-2023-41719
ivanti connect secure
vulnerability
remote code execution
web request
administrator impersonation
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
41.0%
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution.
Affected configurations
Node
ivanticonnect_secureMatch21.9r1
ORivanticonnect_secureMatch21.12r1
ORivanticonnect_secureMatch22.1r1
ORivanticonnect_secureMatch22.1r6
ORivanticonnect_secureMatch22.2r1
ORivanticonnect_secureMatch22.3r1
ORivanticonnect_secureMatch22.4r1
Node
ivanticonnect_secureMatch22.5r1.1
ORivanticonnect_secureMatch22.5r2.1
Node
ivanticonnect_secureMatch22.6-
ORivanticonnect_secureMatch22.6r1
Node
ivanticonnect_secureMatch9.1r1
ORivanticonnect_secureMatch9.1r10
ORivanticonnect_secureMatch9.1r10.2
ORivanticonnect_secureMatch9.1r11
ORivanticonnect_secureMatch9.1r11.1
ORivanticonnect_secureMatch9.1r11.3
ORivanticonnect_secureMatch9.1r11.4
ORivanticonnect_secureMatch9.1r11.5
ORivanticonnect_secureMatch9.1r12
ORivanticonnect_secureMatch9.1r12.1
ORivanticonnect_secureMatch9.1r12.2
ORivanticonnect_secureMatch9.1r13
ORivanticonnect_secureMatch9.1r13.1
ORivanticonnect_secureMatch9.1r14
ORivanticonnect_secureMatch9.1r14.4
ORivanticonnect_secureMatch9.1r15
ORivanticonnect_secureMatch9.1r15.2
ORivanticonnect_secureMatch9.1r16
ORivanticonnect_secureMatch9.1r16.1
ORivanticonnect_secureMatch9.1r17
ORivanticonnect_secureMatch9.1r17.1
ORivanticonnect_secureMatch9.1r17.2
ORivanticonnect_secureMatch9.1r18
ORivanticonnect_secureMatch9.1r18.1
ORivanticonnect_secureMatch9.1r18.2
ORivanticonnect_secureMatch9.1r18.3
ORivanticonnect_secureMatch9.1r2
ORivanticonnect_secureMatch9.1r3
ORivanticonnect_secureMatch9.1r4
ORivanticonnect_secureMatch9.1r4.1
ORivanticonnect_secureMatch9.1r4.2
ORivanticonnect_secureMatch9.1r4.3
ORivanticonnect_secureMatch9.1r5
ORivanticonnect_secureMatch9.1r6
ORivanticonnect_secureMatch9.1r7
ORivanticonnect_secureMatch9.1r8
ORivanticonnect_secureMatch9.1r8.1
ORivanticonnect_secureMatch9.1r8.2
ORivanticonnect_secureMatch9.1r8.4
ORivanticonnect_secureMatch9.1r9
ORivanticonnect_secureMatch9.1r9.1
ORivanticonnect_secureMatch9.1r9.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ivanti | connect_secure | 21.9 | cpe:2.3:a:ivanti:connect_secure:21.9:r1:*:*:*:*:*:* |
| ivanti | connect_secure | 21.12 | cpe:2.3:a:ivanti:connect_secure:21.12:r1:*:*:*:*:*:* |
| ivanti | connect_secure | 22.1 | cpe:2.3:a:ivanti:connect_secure:22.1:r1:*:*:*:*:*:* |
| ivanti | connect_secure | 22.1 | cpe:2.3:a:ivanti:connect_secure:22.1:r6:*:*:*:*:*:* |
| ivanti | connect_secure | 22.2 | cpe:2.3:a:ivanti:connect_secure:22.2:r1:*:*:*:*:*:* |
| ivanti | connect_secure | 22.3 | cpe:2.3:a:ivanti:connect_secure:22.3:r1:*:*:*:*:*:* |
| ivanti | connect_secure | 22.4 | cpe:2.3:a:ivanti:connect_secure:22.4:r1:*:*:*:*:*:* |
| ivanti | connect_secure | 22.5 | cpe:2.3:a:ivanti:connect_secure:22.5:r1.1:*:*:*:*:*:* |
| ivanti | connect_secure | 22.5 | cpe:2.3:a:ivanti:connect_secure:22.5:r2.1:*:*:*:*:*:* |
| ivanti | connect_secure | 22.6 | cpe:2.3:a:ivanti:connect_secure:22.6:-:*:*:*:*:*:* |
Related
prion
prion
Remote code execution
2023-12-14 02:15:00
cvelist
cvelist
CVE-2023-41719
2023-12-14 01:56:44
cve
cve
CVE-2023-41719
2023-12-14 02:15:12
nessus
nessus
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
41.0%
Related for NVD:CVE-2023-41719