CVE-2023-46805 (GCVE-0-2023-46805)
Vulnerability from cvelistv5 – Published: 2024-01-12 17:02 – Updated: 2025-10-21 23:05CISA
Known Exploited Vulnerability - GCVE BCP-07 Compliant
Exploited: Yes
Timestamps
Scope
Evidence
Type: Vendor Report
Signal: Successful Exploitation
Confidence: 80%
Source: cisa-kev
Details
| Cwes | CWE-287 |
|---|---|
| Feed | CISA Known Exploited Vulnerabilities Catalog |
| Product | Connect Secure and Policy Secure |
| Due Date | 2024-01-22 |
| Date Added | 2024-01-10 |
| Vendorproject | Ivanti |
| Vulnerabilityname | Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability |
| Knownransomwarecampaignuse | Known |
References
Shadowserver
Known Exploited Vulnerability - GCVE BCP-07 Compliant
Exploited: Yes
Characteristics
Timestamps
Scope
Evidence
Type: Honeypot
Signal: In The Wild Attempts
Confidence: 70%
Source: shadowserver
Details
| 1D | 22 |
|---|---|
| Iot | no |
| Feed | Shadowserver Foundation honeypot/exploited-vulnerabilities |
| Type | http-scan |
| Class | vpn |
| 7D Avg | 5 |
| Vendor | Ivanti |
| 30D Avg | 6 |
| 90D Avg | 4 |
| Product | Ivanti Secure Connect and Policy Secure |
| Cisa Kev | yes |
| Connections | 3627 |
| Observation Date | 2026-07-05 |
| Vulnerability Class | CVSS |
| Vulnerability Score | 3.1 |
| Vulnerability Severity | Low |
References
KEVIntel
Known Exploited Vulnerability - GCVE BCP-07 Compliant
Exploited: Yes
Timestamps
Scope
Evidence
Type: Public Report
Signal: Confirmed Compromise
Confidence: 70%
Source: kevintel
Details
| Feed | KEVIntel (kevintel.com) |
|---|---|
| Title | An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access... |
| Vendor | Ivanti |
| Product | ICS, IPS |
| Added Date | 2024-01-10T00:00:00.000Z |
| Cvss Score | 8.2 |
| Epss Score | 0.99986 |
| Cvss Severity | HIGH |
| Epss Percentile | 0.99983 |
| Used In Malware | yes |
| Ahead Of Cisa Kev | None |
| Not Yet In Cisa Kev | False |
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:21.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46805",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T18:56:43.532172Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-01-10",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-46805"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:28.857Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-46805"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-10T00:00:00.000Z",
"value": "CVE-2023-46805 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ICS",
"vendor": "Ivanti",
"versions": [
{
"lessThanOrEqual": "9.1R18",
"status": "affected",
"version": "9.1R18",
"versionType": "semver"
},
{
"lessThanOrEqual": "22.6R2",
"status": "affected",
"version": "22.6R2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IPS",
"vendor": "Ivanti",
"versions": [
{
"lessThanOrEqual": "9.1R18",
"status": "affected",
"version": "9.1R18",
"versionType": "semver"
},
{
"lessThanOrEqual": "22.6R1",
"status": "affected",
"version": "22.6R1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-01-22T17:06:19.758Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US"
},
{
"url": "http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2023-46805",
"datePublished": "2024-01-12T17:02:16.452Z",
"dateReserved": "2023-10-27T01:00:13.399Z",
"dateUpdated": "2025-10-21T23:05:28.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2023-46805",
"cwes": "[\"CWE-287\"]",
"dateAdded": "2024-01-10",
"dueDate": "2024-01-22",
"knownRansomwareCampaignUse": "Known",
"notes": "Please apply mitigations per vendor instructions. For more information, please see: https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2023-46805",
"product": "Connect Secure and Policy Secure",
"requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"shortDescription": "Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the web component that allows an attacker to access restricted resources by bypassing control checks. This vulnerability can be leveraged in conjunction with CVE-2024-21887, a command injection vulnerability.",
"vendorProject": "Ivanti",
"vulnerabilityName": "Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability"
},
"epss": {
"cve": "CVE-2023-46805",
"date": "2026-07-07",
"epss": "0.99986",
"percentile": "0.99983"
},
"fkie_nvd": {
"cisaActionDue": "2024-01-22",
"cisaExploitAdd": "2024-01-10",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability",
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BEAA1F3F-FC78-43C1-814A-19E94AC4A844\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B21C181-DC49-4EBD-9932-DBB337151FF7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r10:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A3A93FE-41BF-43F2-9EFC-89656182329F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r11:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D5F47BA-DE6D-443D-95C3-A45F80EDC71E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*\", \"matchCriteriaId\": \"366EF5B8-0233-49B8-806A-E54F60410ADE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F2A7F5C-1D78-4D19-B8ED-5822FDF5DA63\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r11.5:*:*:*:*:*:*\", \"matchCriteriaId\": \"2DDDA231-2A5E-4C70-8620-535C7F9027A4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r12:*:*:*:*:*:*\", \"matchCriteriaId\": \"32E0B425-A9BA-4D00-84A9-46268072D696\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r12.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"BBC724E8-195B-4CB4-AC2A-63E184AED4F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r13:*:*:*:*:*:*\", \"matchCriteriaId\": \"65435A96-EF7A-439A-AA6C-CB7EAEF0A963\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r13.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"3027A9CE-849E-4CAE-A1C4-170DEAF4FE86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r14:*:*:*:*:*:*\", \"matchCriteriaId\": \"C132BA26-BCA0-43E6-9511-34ACFFA136A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE228FBD-5AD1-4BC6-AF63-5248E671B04F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r15.2:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7DBCD6B-B7AA-4AB0-852F-563A2EC85DB4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r16:*:*:*:*:*:*\", \"matchCriteriaId\": \"44C26423-8621-4F6D-A45B-0A6B6E873AB6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r16.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC391EB5-C457-459C-8EAA-EA0043487C0B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r17:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB6CEA16-F422-48F1-9473-3931B1BFA63F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r17.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"E238AB9F-99C1-4F0D-B442-D390065D35D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r18:*:*:*:*:*:*\", \"matchCriteriaId\": \"28FDE909-711C-41EC-8BA6-AC4DE05EA27E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*\", \"matchCriteriaId\": \"4FEFC4B1-7350-46F9-80C1-42F5AE06142F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB7A6D62-6576-4713-9BF4-11068A72E8B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*\", \"matchCriteriaId\": \"843BC1B9-50CC-4F8F-A454-A0CEC6E92290\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5355372-03EA-46D7-9104-A2785C29B664\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*\", \"matchCriteriaId\": \"3DE32A0C-8944-4F51-A286-266055CA4B2F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*\", \"matchCriteriaId\": \"0349A0CC-A372-4E51-899E-D7BA67876F4B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*\", \"matchCriteriaId\": \"93D1A098-BD77-4A7B-9070-A764FB435981\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*\", \"matchCriteriaId\": \"3CCC2D7B-F835-45EC-A316-2F0C5F2CF565\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD812596-C77C-4129-982F-C22A25B52126\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*\", \"matchCriteriaId\": \"9FA0B20D-3FA1-42AE-BDC5-93D8A182927C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFFA0B02-7F6D-4434-B1E7-EB8520FD68A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:*\", \"matchCriteriaId\": \"DFE8FA87-9622-4D5B-99C7-D8EE230C0AA9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r9:*:*:*:*:*:*\", \"matchCriteriaId\": \"16DAA769-8F0D-4C54-A8D9-9902995605B0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r9.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2C10C89-1DBC-4E91-BD28-D5097B589CA9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:22.1:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"80C56782-273A-4151-BE81-13FEEFE46A6A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:22.1:r6:*:*:*:*:*:*\", \"matchCriteriaId\": \"6564FE9E-7D96-4226-8378-DAC25525CDD1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:22.2:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"361FAA47-52FF-4B36-96B0-9C178A4E031B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:22.2:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"BCBF6DD0-2826-4E61-8FB6-DB489EBF8981\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:22.3:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"415219D0-2D9A-4617-ABB7-6FF918421BEE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:22.4:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9F55E7B-7B38-4AEC-A015-D8CB9DE5E72C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:22.4:r2.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3DF17AC-EC26-4B76-8989-B7880C9EF73E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:22.5:r2.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"001E117B-E8EE-4C20-AEBF-34FF5EB5051E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:22.6:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C383863-1E90-4B72-A500-4326782BC92F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:22.6:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB9A5868-34FB-446E-817F-6701CC5DE923\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:22.6:r2:*:*:*:*:*:*\", \"matchCriteriaId\": \"5456F61D-1FD1-4DA6-AFA3-4073889AD22A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD00E2EC-B772-4FE8-8CC5-829BE45BE878\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"A07B66E0-A679-4912-8CB1-CD134713EDC7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:9.1:r10:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF767F07-2E9F-4099-829D-2F70E85D8A35\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:9.1:r11:*:*:*:*:*:*\", \"matchCriteriaId\": \"B994E22B-8FA5-4510-82F6-7820BDA7C307\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:9.1:r12:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE5C4ABC-2BEB-4741-95B3-303903369818\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:9.1:r13:*:*:*:*:*:*\", \"matchCriteriaId\": \"D50C5526-F791-4C76-B5C0-DA2E1281C9E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:9.1:r13.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CB8240E-7683-4C39-9654-4F8D1F682288\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:9.1:r14:*:*:*:*:*:*\", \"matchCriteriaId\": \"7A53C031-E7A5-47B6-BA4A-DD28432E743F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:9.1:r15:*:*:*:*:*:*\", \"matchCriteriaId\": \"4BEE355B-1C2D-4BEB-8922-EAEAA5A1FAE8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:9.1:r16:*:*:*:*:*:*\", \"matchCriteriaId\": \"B90687F3-A5C1-4706-AD66-D78EE512E4C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:9.1:r17:*:*:*:*:*:*\", \"matchCriteriaId\": \"D10A3F2D-6A62-4A48-93FB-274527C821D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:9.1:r18:*:*:*:*:*:*\", \"matchCriteriaId\": \"811C7E7E-89AB-47DF-BACD-ED478DF756BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D37A6E4-D58E-444D-AF6A-15461F38E81A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC2B9DA0-E32B-4125-9986-F0D3814C66E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"38A0D7CF-7D55-4933-AE8C-36006D6779E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9A5BA3E-D6B3-453D-8DDF-FF16859FD0F8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"BAFDA618-D15D-401D-AC68-0020259FEC57\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*\", \"matchCriteriaId\": \"D55AB5F0-132F-4C40-BF4F-684E139B774B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BE937D2-8BEE-4E64-8738-F550EAD00F50\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C753520-1BC6-4980-AFC9-4C2FDDF2FD18\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC3863BC-3B9A-402B-A74A-149CDF717EC6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:9.1:r8:*:*:*:*:*:*\", \"matchCriteriaId\": \"E3C09D51-FDA0-4D07-87D8-F527C8CBDAFB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:9.1:r8.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"CCE2E1C0-680F-4EFF-ACE6-A1DAFA209D24\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:9.1:r8.2:*:*:*:*:*:*\", \"matchCriteriaId\": \"7ED1686B-2D80-4ECF-9F7A-AEA989E17C84\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:9.1:r9:*:*:*:*:*:*\", \"matchCriteriaId\": \"092DA2A3-5CEF-433F-8E5B-4850E4095CC4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:22.1:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"A385F38B-0B03-4B69-B7A1-952F5BAE727C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:22.1:r6:*:*:*:*:*:*\", \"matchCriteriaId\": \"925DCCBA-9382-4A39-84B8-4DEAFD2BC802\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:22.2:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"34C118FB-7AE0-466C-822A-348A2F6016AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:22.2:r3:*:*:*:*:*:*\", \"matchCriteriaId\": \"1536DB45-9A42-4549-A10E-FDBB6693DF17\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:22.3:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"51FF66C9-9415-4EAD-8F19-D5E067336885\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:22.3:r3:*:*:*:*:*:*\", \"matchCriteriaId\": \"8BBC1E81-0A2A-4166-BFA6-2B866B4F8AE4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:22.4:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"D73729EB-C679-4CED-9F36-212B0581EC22\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:22.4:r2:*:*:*:*:*:*\", \"matchCriteriaId\": \"14B481E8-D887-408F-B892-D2939CD037AB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:22.4:r2.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"3EB8380F-D229-4AF0-B27C-47760F843E48\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:22.5:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"CB4B1ED6-38AD-44F8-9B77-2D6924E8A20E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:22.5:r2.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"28A9318A-0D4D-4EF1-998B-4A82A1AB63F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:policy_secure:22.6:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"56C7542D-3520-4E4D-936C-5295068C4CD7\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de omisi\\u00f3n de autenticaci\\u00f3n en el componente web de Ivanti ICS 9.x, 22.x e Ivanti Policy Secure permite a un atacante remoto acceder a recursos restringidos omitiendo las comprobaciones de control.\"}]",
"id": "CVE-2023-46805",
"lastModified": "2024-11-21T08:29:20.677",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N\", \"baseScore\": 8.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 4.2}], \"cvssMetricV30\": [{\"source\": \"support@hackerone.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N\", \"baseScore\": 8.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 4.2}]}",
"published": "2024-01-12T17:15:09.530",
"references": "[{\"url\": \"http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html\", \"source\": \"support@hackerone.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US\", \"source\": \"support@hackerone.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Undergoing Analysis",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-46805\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2024-01-12T17:15:09.530\",\"lastModified\":\"2026-06-17T06:31:40.357\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en el componente web de Ivanti ICS 9.x, 22.x e Ivanti Policy Secure permite a un atacante remoto acceder a recursos restringidos omitiendo las comprobaciones de control.\"}],\"affected\":[{\"source\":\"support@hackerone.com\",\"affectedData\":[{\"vendor\":\"Ivanti\",\"product\":\"ICS\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"9.1R18\",\"lessThanOrEqual\":\"9.1R18\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"22.6R2\",\"lessThanOrEqual\":\"22.6R2\",\"versionType\":\"semver\",\"status\":\"affected\"}]},{\"vendor\":\"Ivanti\",\"product\":\"IPS\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"9.1R18\",\"lessThanOrEqual\":\"9.1R18\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"22.6R1\",\"lessThanOrEqual\":\"22.6R1\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":4.2}],\"cvssMetricV30\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":4.2}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-02-04T18:56:43.532172Z\",\"id\":\"CVE-2023-46805\",\"options\":[{\"exploitation\":\"active\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"cisaExploitAdd\":\"2024-01-10\",\"cisaActionDue\":\"2024-01-22\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BEAA1F3F-FC78-43C1-814A-19E94AC4A844\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B21C181-DC49-4EBD-9932-DBB337151FF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r10:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A3A93FE-41BF-43F2-9EFC-89656182329F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r11:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D5F47BA-DE6D-443D-95C3-A45F80EDC71E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"366EF5B8-0233-49B8-806A-E54F60410ADE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F2A7F5C-1D78-4D19-B8ED-5822FDF5DA63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r11.5:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DDDA231-2A5E-4C70-8620-535C7F9027A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r12:*:*:*:*:*:*\",\"matchCriteriaId\":\"32E0B425-A9BA-4D00-84A9-46268072D696\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r12.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBC724E8-195B-4CB4-AC2A-63E184AED4F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r13:*:*:*:*:*:*\",\"matchCriteriaId\":\"65435A96-EF7A-439A-AA6C-CB7EAEF0A963\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r13.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3027A9CE-849E-4CAE-A1C4-170DEAF4FE86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r14:*:*:*:*:*:*\",\"matchCriteriaId\":\"C132BA26-BCA0-43E6-9511-34ACFFA136A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE228FBD-5AD1-4BC6-AF63-5248E671B04F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r15.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7DBCD6B-B7AA-4AB0-852F-563A2EC85DB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r16:*:*:*:*:*:*\",\"matchCriteriaId\":\"44C26423-8621-4F6D-A45B-0A6B6E873AB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r16.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC391EB5-C457-459C-8EAA-EA0043487C0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r17:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB6CEA16-F422-48F1-9473-3931B1BFA63F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r17.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E238AB9F-99C1-4F0D-B442-D390065D35D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r18:*:*:*:*:*:*\",\"matchCriteriaId\":\"28FDE909-711C-41EC-8BA6-AC4DE05EA27E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FEFC4B1-7350-46F9-80C1-42F5AE06142F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB7A6D62-6576-4713-9BF4-11068A72E8B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*\",\"matchCriteriaId\":\"843BC1B9-50CC-4F8F-A454-A0CEC6E92290\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5355372-03EA-46D7-9104-A2785C29B664\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DE32A0C-8944-4F51-A286-266055CA4B2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"0349A0CC-A372-4E51-899E-D7BA67876F4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*\",\"matchCriteriaId\":\"93D1A098-BD77-4A7B-9070-A764FB435981\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CCC2D7B-F835-45EC-A316-2F0C5F2CF565\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD812596-C77C-4129-982F-C22A25B52126\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FA0B20D-3FA1-42AE-BDC5-93D8A182927C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFFA0B02-7F6D-4434-B1E7-EB8520FD68A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFE8FA87-9622-4D5B-99C7-D8EE230C0AA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r9:*:*:*:*:*:*\",\"matchCriteriaId\":\"16DAA769-8F0D-4C54-A8D9-9902995605B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r9.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2C10C89-1DBC-4E91-BD28-D5097B589CA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.1:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"80C56782-273A-4151-BE81-13FEEFE46A6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.1:r6:*:*:*:*:*:*\",\"matchCriteriaId\":\"6564FE9E-7D96-4226-8378-DAC25525CDD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"361FAA47-52FF-4B36-96B0-9C178A4E031B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.2:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCBF6DD0-2826-4E61-8FB6-DB489EBF8981\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.3:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"415219D0-2D9A-4617-ABB7-6FF918421BEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.4:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9F55E7B-7B38-4AEC-A015-D8CB9DE5E72C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.4:r2.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3DF17AC-EC26-4B76-8989-B7880C9EF73E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.5:r2.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"001E117B-E8EE-4C20-AEBF-34FF5EB5051E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.6:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C383863-1E90-4B72-A500-4326782BC92F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.6:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB9A5868-34FB-446E-817F-6701CC5DE923\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:22.6:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5456F61D-1FD1-4DA6-AFA3-4073889AD22A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD00E2EC-B772-4FE8-8CC5-829BE45BE878\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A07B66E0-A679-4912-8CB1-CD134713EDC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:9.1:r10:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF767F07-2E9F-4099-829D-2F70E85D8A35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:9.1:r11:*:*:*:*:*:*\",\"matchCriteriaId\":\"B994E22B-8FA5-4510-82F6-7820BDA7C307\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:9.1:r12:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE5C4ABC-2BEB-4741-95B3-303903369818\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:9.1:r13:*:*:*:*:*:*\",\"matchCriteriaId\":\"D50C5526-F791-4C76-B5C0-DA2E1281C9E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:9.1:r13.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CB8240E-7683-4C39-9654-4F8D1F682288\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:9.1:r14:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A53C031-E7A5-47B6-BA4A-DD28432E743F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:9.1:r15:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BEE355B-1C2D-4BEB-8922-EAEAA5A1FAE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:9.1:r16:*:*:*:*:*:*\",\"matchCriteriaId\":\"B90687F3-A5C1-4706-AD66-D78EE512E4C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:9.1:r17:*:*:*:*:*:*\",\"matchCriteriaId\":\"D10A3F2D-6A62-4A48-93FB-274527C821D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:9.1:r18:*:*:*:*:*:*\",\"matchCriteriaId\":\"811C7E7E-89AB-47DF-BACD-ED478DF756BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D37A6E4-D58E-444D-AF6A-15461F38E81A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC2B9DA0-E32B-4125-9986-F0D3814C66E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"38A0D7CF-7D55-4933-AE8C-36006D6779E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9A5BA3E-D6B3-453D-8DDF-FF16859FD0F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"BAFDA618-D15D-401D-AC68-0020259FEC57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D55AB5F0-132F-4C40-BF4F-684E139B774B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BE937D2-8BEE-4E64-8738-F550EAD00F50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C753520-1BC6-4980-AFC9-4C2FDDF2FD18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC3863BC-3B9A-402B-A74A-149CDF717EC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:9.1:r8:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3C09D51-FDA0-4D07-87D8-F527C8CBDAFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:9.1:r8.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCE2E1C0-680F-4EFF-ACE6-A1DAFA209D24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:9.1:r8.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7ED1686B-2D80-4ECF-9F7A-AEA989E17C84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:9.1:r9:*:*:*:*:*:*\",\"matchCriteriaId\":\"092DA2A3-5CEF-433F-8E5B-4850E4095CC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:22.1:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A385F38B-0B03-4B69-B7A1-952F5BAE727C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:22.1:r6:*:*:*:*:*:*\",\"matchCriteriaId\":\"925DCCBA-9382-4A39-84B8-4DEAFD2BC802\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:22.2:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"34C118FB-7AE0-466C-822A-348A2F6016AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:22.2:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"1536DB45-9A42-4549-A10E-FDBB6693DF17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:22.3:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"51FF66C9-9415-4EAD-8F19-D5E067336885\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:22.3:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BBC1E81-0A2A-4166-BFA6-2B866B4F8AE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:22.4:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D73729EB-C679-4CED-9F36-212B0581EC22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:22.4:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"14B481E8-D887-408F-B892-D2939CD037AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:22.4:r2.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EB8380F-D229-4AF0-B27C-47760F843E48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:22.5:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB4B1ED6-38AD-44F8-9B77-2D6924E8A20E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:22.5:r2.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"28A9318A-0D4D-4EF1-998B-4A82A1AB63F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:policy_secure:22.6:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"56C7542D-3520-4E4D-936C-5295068C4CD7\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html\",\"source\":\"support@hackerone.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US\",\"source\":\"support@hackerone.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-46805\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T20:53:21.908Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-46805\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-04T18:56:43.532172Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2024-01-10\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-46805\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-01-10T00:00:00.000Z\", \"value\": \"CVE-2023-46805 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-46805\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T18:57:19.759Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 8.2, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N\"}}], \"affected\": [{\"vendor\": \"Ivanti\", \"product\": \"ICS\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.1R18\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.1R18\"}, {\"status\": \"affected\", \"version\": \"22.6R2\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"22.6R2\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Ivanti\", \"product\": \"IPS\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.1R18\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.1R18\"}, {\"status\": \"affected\", \"version\": \"22.6R1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"22.6R1\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US\"}, {\"url\": \"http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.\"}], \"providerMetadata\": {\"orgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"shortName\": \"hackerone\", \"dateUpdated\": \"2024-01-22T17:06:19.758Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-46805\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:05:28.857Z\", \"dateReserved\": \"2023-10-27T01:00:13.399Z\", \"assignerOrgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"datePublished\": \"2024-01-12T17:02:16.452Z\", \"assignerShortName\": \"hackerone\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.