Lucene search

[email protected]NVD:CVE-2023-46805

HistoryJan 12, 2024 - 5:15 p.m.

CVE-2023-46805

2024-01-1217:15:09

CWE-287

[email protected]

web.nvd.nist.gov

ivanti

authentication bypass

web component

remote attacker

restricted resources

control checks

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

AI Score

9.1

Confidence

High

EPSS

0.957

Percentile

99.5%

JSON

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

Affected configurations

Nvd

Node

ivanticonnect_secureMatch9.0

ivanticonnect_secureMatch9.1r1

ivanticonnect_secureMatch9.1r10

ivanticonnect_secureMatch9.1r11

ivanticonnect_secureMatch9.1r11.3

ivanticonnect_secureMatch9.1r11.4

ivanticonnect_secureMatch9.1r11.5

ivanticonnect_secureMatch9.1r12

ivanticonnect_secureMatch9.1r12.1

ivanticonnect_secureMatch9.1r13

ivanticonnect_secureMatch9.1r13.1

ivanticonnect_secureMatch9.1r14

ivanticonnect_secureMatch9.1r15

ivanticonnect_secureMatch9.1r15.2

ivanticonnect_secureMatch9.1r16

ivanticonnect_secureMatch9.1r16.1

ivanticonnect_secureMatch9.1r17

ivanticonnect_secureMatch9.1r17.1

ivanticonnect_secureMatch9.1r18

ivanticonnect_secureMatch9.1r2

ivanticonnect_secureMatch9.1r3

ivanticonnect_secureMatch9.1r4

ivanticonnect_secureMatch9.1r4.1

ivanticonnect_secureMatch9.1r4.2

ivanticonnect_secureMatch9.1r4.3

ivanticonnect_secureMatch9.1r5

ivanticonnect_secureMatch9.1r6

ivanticonnect_secureMatch9.1r7

ivanticonnect_secureMatch9.1r8

ivanticonnect_secureMatch9.1r8.1

ivanticonnect_secureMatch9.1r8.2

ivanticonnect_secureMatch9.1r9

ivanticonnect_secureMatch9.1r9.1

ivanticonnect_secureMatch22.1r1

ivanticonnect_secureMatch22.1r6

ivanticonnect_secureMatch22.2-

ivanticonnect_secureMatch22.2r1

ivanticonnect_secureMatch22.3r1

ivanticonnect_secureMatch22.4r1

ivanticonnect_secureMatch22.4r2.1

ivanticonnect_secureMatch22.5r2.1

ivanticonnect_secureMatch22.6-

ivanticonnect_secureMatch22.6r1

ivanticonnect_secureMatch22.6r2

ivantipolicy_secureMatch9.0

ivantipolicy_secureMatch9.1r1

ivantipolicy_secureMatch9.1r10

ivantipolicy_secureMatch9.1r11

ivantipolicy_secureMatch9.1r12

ivantipolicy_secureMatch9.1r13

ivantipolicy_secureMatch9.1r13.1

ivantipolicy_secureMatch9.1r14

ivantipolicy_secureMatch9.1r15

ivantipolicy_secureMatch9.1r16

ivantipolicy_secureMatch9.1r17

ivantipolicy_secureMatch9.1r18

ivantipolicy_secureMatch9.1r2

ivantipolicy_secureMatch9.1r3

ivantipolicy_secureMatch9.1r3.1

ivantipolicy_secureMatch9.1r4

ivantipolicy_secureMatch9.1r4.1

ivantipolicy_secureMatch9.1r4.2

ivantipolicy_secureMatch9.1r5

ivantipolicy_secureMatch9.1r6

ivantipolicy_secureMatch9.1r7

ivantipolicy_secureMatch9.1r8

ivantipolicy_secureMatch9.1r8.1

ivantipolicy_secureMatch9.1r8.2

ivantipolicy_secureMatch9.1r9

ivantipolicy_secureMatch22.1r1

ivantipolicy_secureMatch22.1r6

ivantipolicy_secureMatch22.2r1

ivantipolicy_secureMatch22.2r3

ivantipolicy_secureMatch22.3r1

ivantipolicy_secureMatch22.3r3

ivantipolicy_secureMatch22.4r1

ivantipolicy_secureMatch22.4r2

ivantipolicy_secureMatch22.4r2.1

ivantipolicy_secureMatch22.5r1

ivantipolicy_secureMatch22.5r2.1

ivantipolicy_secureMatch22.6r1

VendorProductVersionCPE
ivanticonnect_secure9.0cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*
ivanticonnect_secure9.1cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*
ivanticonnect_secure9.1cpe:2.3:a:ivanti:connect_secure:9.1:r10:*:*:*:*:*:*
ivanticonnect_secure9.1cpe:2.3:a:ivanti:connect_secure:9.1:r11:*:*:*:*:*:*
ivanticonnect_secure9.1cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*
ivanticonnect_secure9.1cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:*:*:*:*:*:*
ivanticonnect_secure9.1cpe:2.3:a:ivanti:connect_secure:9.1:r11.5:*:*:*:*:*:*
ivanticonnect_secure9.1cpe:2.3:a:ivanti:connect_secure:9.1:r12:*:*:*:*:*:*
ivanticonnect_secure9.1cpe:2.3:a:ivanti:connect_secure:9.1:r12.1:*:*:*:*:*:*
ivanticonnect_secure9.1cpe:2.3:a:ivanti:connect_secure:9.1:r13:*:*:*:*:*:*

Vendor	Product	Version	CPE
ivanti	connect_secure	9.0	cpe:2.3:a:ivanti:connect_secure:9.0:::::::*
ivanti	connect_secure	9.1	cpe:2.3:a:ivanti:connect_secure:9.1:r1::::::
ivanti	connect_secure	9.1	cpe:2.3:a:ivanti:connect_secure:9.1:r10::::::
ivanti	connect_secure	9.1	cpe:2.3:a:ivanti:connect_secure:9.1:r11::::::
ivanti	connect_secure	9.1	cpe:2.3:a:ivanti:connect_secure:9.1:r11.3::::::
ivanti	connect_secure	9.1	cpe:2.3:a:ivanti:connect_secure:9.1:r11.4::::::
ivanti	connect_secure	9.1	cpe:2.3:a:ivanti:connect_secure:9.1:r11.5::::::
ivanti	connect_secure	9.1	cpe:2.3:a:ivanti:connect_secure:9.1:r12::::::
ivanti	connect_secure	9.1	cpe:2.3:a:ivanti:connect_secure:9.1:r12.1::::::
ivanti	connect_secure	9.1	cpe:2.3:a:ivanti:connect_secure:9.1:r13::::::

Rows per page:

1-10 of 811

References

packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html

forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US