Lucene search

HackeroneVULNRICHMENT:CVE-2023-38551

HistoryMay 31, 2024 - 5:38 p.m.

CVE-2023-38551

2024-05-3117:38:31

hackerone

github.com

crlf injection

ivanti connect secure

xss attack

authenticated user

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

A CRLF Injection vulnerability in Ivanti Connect Secure (9.x, 22.x) allows an authenticated high-privileged user to inject malicious code on a victim’s browser, thereby leading to cross-site scripting attack.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "vendor": "Ivanti",
    "product": "Connect Secure",
    "versions": [
      {
        "version": "22.7R2",
        "status": "affected",
        "lessThan": "22.7R2",
        "versionType": "semver"
      },
      {
        "version": "22.5R2.2",
        "status": "affected",
        "lessThan": "22.5R2.2",
        "versionType": "semver"
      },
      {
        "version": "9.1R18.6",
        "status": "affected",
        "lessThan": "9.1R18.6",
        "versionType": "semver"
      }
    ]
  }
]

References

forums.ivanti.com/s/article/Security-Advisory-May-2024

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VULNRICHMENT:CVE-2023-38551