gsd - gsd-2023-46805

gsd-2023-46805

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

Aliases

CVE-2023-46805

Aliases

CVE-2023-46805

JSON

To clipboard

{
   GSD: {
      alias: "CVE-2023-46805",
      id: "GSD-2023-46805",
   },
   gsd: {
      metadata: {
         exploitCode: "unknown",
         remediation: "unknown",
         reportConfidence: "confirmed",
         type: "vulnerability",
      },
      osvSchema: {
         aliases: [
            "CVE-2023-46805",
         ],
         details: "An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.",
         id: "GSD-2023-46805",
         modified: "2023-12-13T01:20:52.978662Z",
         schema_version: "1.4.0",
      },
   },
   namespaces: {
      "cve.org": {
         CVE_data_meta: {
            ASSIGNER: "support@hackerone.com",
            ID: "CVE-2023-46805",
            STATE: "PUBLIC",
         },
         affects: {
            vendor: {
               vendor_data: [
                  {
                     product: {
                        product_data: [
                           {
                              product_name: "ICS",
                              version: {
                                 version_data: [
                                    {
                                       version_affected: "<=",
                                       version_name: "9.1R18",
                                       version_value: "9.1R18",
                                    },
                                    {
                                       version_affected: "<=",
                                       version_name: "22.6R2",
                                       version_value: "22.6R2",
                                    },
                                 ],
                              },
                           },
                           {
                              product_name: "IPS",
                              version: {
                                 version_data: [
                                    {
                                       version_affected: "<=",
                                       version_name: "9.1R18",
                                       version_value: "9.1R18",
                                    },
                                    {
                                       version_affected: "<=",
                                       version_name: "22.6R1",
                                       version_value: "22.6R1",
                                    },
                                 ],
                              },
                           },
                        ],
                     },
                     vendor_name: "Ivanti",
                  },
               ],
            },
         },
         data_format: "MITRE",
         data_type: "CVE",
         data_version: "4.0",
         description: {
            description_data: [
               {
                  lang: "eng",
                  value: "An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.",
               },
            ],
         },
         impact: {
            cvss: [
               {
                  baseScore: 8.2,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                  version: "3.0",
               },
            ],
         },
         problemtype: {
            problemtype_data: [
               {
                  description: [
                     {
                        lang: "eng",
                        value: "n/a",
                     },
                  ],
               },
            ],
         },
         references: {
            reference_data: [
               {
                  name: "https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US",
                  refsource: "MISC",
                  url: "https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US",
               },
               {
                  name: "http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html",
                  refsource: "MISC",
                  url: "http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html",
               },
            ],
         },
      },
      "nvd.nist.gov": {
         cve: {
            cisaActionDue: "2024-01-22",
            cisaExploitAdd: "2024-01-10",
            cisaRequiredAction: "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
            cisaVulnerabilityName: "Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability",
            configurations: [
               {
                  nodes: [
                     {
                        cpeMatch: [
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*",
                              matchCriteriaId: "BEAA1F3F-FC78-43C1-814A-19E94AC4A844",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*",
                              matchCriteriaId: "4B21C181-DC49-4EBD-9932-DBB337151FF7",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r10:*:*:*:*:*:*",
                              matchCriteriaId: "5A3A93FE-41BF-43F2-9EFC-89656182329F",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r11:*:*:*:*:*:*",
                              matchCriteriaId: "8D5F47BA-DE6D-443D-95C3-A45F80EDC71E",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*",
                              matchCriteriaId: "366EF5B8-0233-49B8-806A-E54F60410ADE",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:*:*:*:*:*:*",
                              matchCriteriaId: "6F2A7F5C-1D78-4D19-B8ED-5822FDF5DA63",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r11.5:*:*:*:*:*:*",
                              matchCriteriaId: "2DDDA231-2A5E-4C70-8620-535C7F9027A4",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r12:*:*:*:*:*:*",
                              matchCriteriaId: "32E0B425-A9BA-4D00-84A9-46268072D696",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r12.1:*:*:*:*:*:*",
                              matchCriteriaId: "BBC724E8-195B-4CB4-AC2A-63E184AED4F6",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r13:*:*:*:*:*:*",
                              matchCriteriaId: "65435A96-EF7A-439A-AA6C-CB7EAEF0A963",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r13.1:*:*:*:*:*:*",
                              matchCriteriaId: "3027A9CE-849E-4CAE-A1C4-170DEAF4FE86",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r14:*:*:*:*:*:*",
                              matchCriteriaId: "C132BA26-BCA0-43E6-9511-34ACFFA136A9",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:*",
                              matchCriteriaId: "CE228FBD-5AD1-4BC6-AF63-5248E671B04F",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r15.2:*:*:*:*:*:*",
                              matchCriteriaId: "D7DBCD6B-B7AA-4AB0-852F-563A2EC85DB4",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r16:*:*:*:*:*:*",
                              matchCriteriaId: "44C26423-8621-4F6D-A45B-0A6B6E873AB6",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r16.1:*:*:*:*:*:*",
                              matchCriteriaId: "BC391EB5-C457-459C-8EAA-EA0043487C0B",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r17:*:*:*:*:*:*",
                              matchCriteriaId: "DB6CEA16-F422-48F1-9473-3931B1BFA63F",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r17.1:*:*:*:*:*:*",
                              matchCriteriaId: "E238AB9F-99C1-4F0D-B442-D390065D35D1",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r18:*:*:*:*:*:*",
                              matchCriteriaId: "28FDE909-711C-41EC-8BA6-AC4DE05EA27E",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*",
                              matchCriteriaId: "4FEFC4B1-7350-46F9-80C1-42F5AE06142F",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*",
                              matchCriteriaId: "DB7A6D62-6576-4713-9BF4-11068A72E8B7",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*",
                              matchCriteriaId: "843BC1B9-50CC-4F8F-A454-A0CEC6E92290",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*",
                              matchCriteriaId: "D5355372-03EA-46D7-9104-A2785C29B664",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*",
                              matchCriteriaId: "3DE32A0C-8944-4F51-A286-266055CA4B2F",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*",
                              matchCriteriaId: "0349A0CC-A372-4E51-899E-D7BA67876F4B",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*",
                              matchCriteriaId: "93D1A098-BD77-4A7B-9070-A764FB435981",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*",
                              matchCriteriaId: "3CCC2D7B-F835-45EC-A316-2F0C5F2CF565",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*",
                              matchCriteriaId: "AD812596-C77C-4129-982F-C22A25B52126",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*",
                              matchCriteriaId: "9FA0B20D-3FA1-42AE-BDC5-93D8A182927C",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*",
                              matchCriteriaId: "BFFA0B02-7F6D-4434-B1E7-EB8520FD68A0",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:*",
                              matchCriteriaId: "DFE8FA87-9622-4D5B-99C7-D8EE230C0AA9",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r9:*:*:*:*:*:*",
                              matchCriteriaId: "16DAA769-8F0D-4C54-A8D9-9902995605B0",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:9.1:r9.1:*:*:*:*:*:*",
                              matchCriteriaId: "B2C10C89-1DBC-4E91-BD28-D5097B589CA9",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:22.1:r1:*:*:*:*:*:*",
                              matchCriteriaId: "80C56782-273A-4151-BE81-13FEEFE46A6A",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:22.1:r6:*:*:*:*:*:*",
                              matchCriteriaId: "6564FE9E-7D96-4226-8378-DAC25525CDD1",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:22.2:-:*:*:*:*:*:*",
                              matchCriteriaId: "361FAA47-52FF-4B36-96B0-9C178A4E031B",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:22.2:r1:*:*:*:*:*:*",
                              matchCriteriaId: "BCBF6DD0-2826-4E61-8FB6-DB489EBF8981",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:22.3:r1:*:*:*:*:*:*",
                              matchCriteriaId: "415219D0-2D9A-4617-ABB7-6FF918421BEE",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:22.4:r1:*:*:*:*:*:*",
                              matchCriteriaId: "E9F55E7B-7B38-4AEC-A015-D8CB9DE5E72C",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:22.4:r2.1:*:*:*:*:*:*",
                              matchCriteriaId: "D3DF17AC-EC26-4B76-8989-B7880C9EF73E",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:22.5:r2.1:*:*:*:*:*:*",
                              matchCriteriaId: "001E117B-E8EE-4C20-AEBF-34FF5EB5051E",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:22.6:-:*:*:*:*:*:*",
                              matchCriteriaId: "6C383863-1E90-4B72-A500-4326782BC92F",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:22.6:r1:*:*:*:*:*:*",
                              matchCriteriaId: "AB9A5868-34FB-446E-817F-6701CC5DE923",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:connect_secure:22.6:r2:*:*:*:*:*:*",
                              matchCriteriaId: "5456F61D-1FD1-4DA6-AFA3-4073889AD22A",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.0:*:*:*:*:*:*:*",
                              matchCriteriaId: "DD00E2EC-B772-4FE8-8CC5-829BE45BE878",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*",
                              matchCriteriaId: "A07B66E0-A679-4912-8CB1-CD134713EDC7",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.1:r10:*:*:*:*:*:*",
                              matchCriteriaId: "BF767F07-2E9F-4099-829D-2F70E85D8A35",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.1:r11:*:*:*:*:*:*",
                              matchCriteriaId: "B994E22B-8FA5-4510-82F6-7820BDA7C307",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.1:r12:*:*:*:*:*:*",
                              matchCriteriaId: "FE5C4ABC-2BEB-4741-95B3-303903369818",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.1:r13:*:*:*:*:*:*",
                              matchCriteriaId: "D50C5526-F791-4C76-B5C0-DA2E1281C9E2",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.1:r13.1:*:*:*:*:*:*",
                              matchCriteriaId: "2CB8240E-7683-4C39-9654-4F8D1F682288",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.1:r14:*:*:*:*:*:*",
                              matchCriteriaId: "7A53C031-E7A5-47B6-BA4A-DD28432E743F",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.1:r15:*:*:*:*:*:*",
                              matchCriteriaId: "4BEE355B-1C2D-4BEB-8922-EAEAA5A1FAE8",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.1:r16:*:*:*:*:*:*",
                              matchCriteriaId: "B90687F3-A5C1-4706-AD66-D78EE512E4C9",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.1:r17:*:*:*:*:*:*",
                              matchCriteriaId: "D10A3F2D-6A62-4A48-93FB-274527C821D2",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.1:r18:*:*:*:*:*:*",
                              matchCriteriaId: "811C7E7E-89AB-47DF-BACD-ED478DF756BC",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*",
                              matchCriteriaId: "6D37A6E4-D58E-444D-AF6A-15461F38E81A",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*",
                              matchCriteriaId: "FC2B9DA0-E32B-4125-9986-F0D3814C66E9",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:*",
                              matchCriteriaId: "38A0D7CF-7D55-4933-AE8C-36006D6779E1",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*",
                              matchCriteriaId: "C9A5BA3E-D6B3-453D-8DDF-FF16859FD0F8",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*",
                              matchCriteriaId: "BAFDA618-D15D-401D-AC68-0020259FEC57",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*",
                              matchCriteriaId: "D55AB5F0-132F-4C40-BF4F-684E139B774B",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*",
                              matchCriteriaId: "6BE937D2-8BEE-4E64-8738-F550EAD00F50",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*",
                              matchCriteriaId: "9C753520-1BC6-4980-AFC9-4C2FDDF2FD18",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*",
                              matchCriteriaId: "AC3863BC-3B9A-402B-A74A-149CDF717EC6",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.1:r8:*:*:*:*:*:*",
                              matchCriteriaId: "E3C09D51-FDA0-4D07-87D8-F527C8CBDAFB",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.1:r8.1:*:*:*:*:*:*",
                              matchCriteriaId: "CCE2E1C0-680F-4EFF-ACE6-A1DAFA209D24",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.1:r8.2:*:*:*:*:*:*",
                              matchCriteriaId: "7ED1686B-2D80-4ECF-9F7A-AEA989E17C84",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:9.1:r9:*:*:*:*:*:*",
                              matchCriteriaId: "092DA2A3-5CEF-433F-8E5B-4850E4095CC4",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:22.1:r1:*:*:*:*:*:*",
                              matchCriteriaId: "A385F38B-0B03-4B69-B7A1-952F5BAE727C",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:22.1:r6:*:*:*:*:*:*",
                              matchCriteriaId: "925DCCBA-9382-4A39-84B8-4DEAFD2BC802",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:22.2:r1:*:*:*:*:*:*",
                              matchCriteriaId: "34C118FB-7AE0-466C-822A-348A2F6016AC",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:22.2:r3:*:*:*:*:*:*",
                              matchCriteriaId: "1536DB45-9A42-4549-A10E-FDBB6693DF17",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:22.3:r1:*:*:*:*:*:*",
                              matchCriteriaId: "51FF66C9-9415-4EAD-8F19-D5E067336885",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:22.3:r3:*:*:*:*:*:*",
                              matchCriteriaId: "8BBC1E81-0A2A-4166-BFA6-2B866B4F8AE4",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:22.4:r1:*:*:*:*:*:*",
                              matchCriteriaId: "D73729EB-C679-4CED-9F36-212B0581EC22",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:22.4:r2:*:*:*:*:*:*",
                              matchCriteriaId: "14B481E8-D887-408F-B892-D2939CD037AB",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:22.4:r2.1:*:*:*:*:*:*",
                              matchCriteriaId: "3EB8380F-D229-4AF0-B27C-47760F843E48",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:22.5:r1:*:*:*:*:*:*",
                              matchCriteriaId: "CB4B1ED6-38AD-44F8-9B77-2D6924E8A20E",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:22.5:r2.1:*:*:*:*:*:*",
                              matchCriteriaId: "28A9318A-0D4D-4EF1-998B-4A82A1AB63F0",
                              vulnerable: true,
                           },
                           {
                              criteria: "cpe:2.3:a:ivanti:policy_secure:22.6:r1:*:*:*:*:*:*",
                              matchCriteriaId: "56C7542D-3520-4E4D-936C-5295068C4CD7",
                              vulnerable: true,
                           },
                        ],
                        negate: false,
                        operator: "OR",
                     },
                  ],
               },
            ],
            descriptions: [
               {
                  lang: "en",
                  value: "An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.",
               },
               {
                  lang: "es",
                  value: "Una vulnerabilidad de omisión de autenticación en el componente web de Ivanti ICS 9.x, 22.x e Ivanti Policy Secure permite a un atacante remoto acceder a recursos restringidos omitiendo las comprobaciones de control.",
               },
            ],
            id: "CVE-2023-46805",
            lastModified: "2024-01-22T17:15:09.080",
            metrics: {
               cvssMetricV30: [
                  {
                     cvssData: {
                        attackComplexity: "LOW",
                        attackVector: "NETWORK",
                        availabilityImpact: "NONE",
                        baseScore: 8.2,
                        baseSeverity: "HIGH",
                        confidentialityImpact: "HIGH",
                        integrityImpact: "LOW",
                        privilegesRequired: "NONE",
                        scope: "UNCHANGED",
                        userInteraction: "NONE",
                        vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                        version: "3.0",
                     },
                     exploitabilityScore: 3.9,
                     impactScore: 4.2,
                     source: "support@hackerone.com",
                     type: "Secondary",
                  },
               ],
               cvssMetricV31: [
                  {
                     cvssData: {
                        attackComplexity: "LOW",
                        attackVector: "NETWORK",
                        availabilityImpact: "NONE",
                        baseScore: 8.2,
                        baseSeverity: "HIGH",
                        confidentialityImpact: "HIGH",
                        integrityImpact: "LOW",
                        privilegesRequired: "NONE",
                        scope: "UNCHANGED",
                        userInteraction: "NONE",
                        vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                        version: "3.1",
                     },
                     exploitabilityScore: 3.9,
                     impactScore: 4.2,
                     source: "nvd@nist.gov",
                     type: "Primary",
                  },
               ],
            },
            published: "2024-01-12T17:15:09.530",
            references: [
               {
                  source: "support@hackerone.com",
                  url: "http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html",
               },
               {
                  source: "support@hackerone.com",
                  tags: [
                     "Vendor Advisory",
                  ],
                  url: "https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US",
               },
            ],
            sourceIdentifier: "support@hackerone.com",
            vulnStatus: "Modified",
            weaknesses: [
               {
                  description: [
                     {
                        lang: "en",
                        value: "CWE-287",
                     },
                  ],
                  source: "nvd@nist.gov",
                  type: "Primary",
               },
            ],
         },
      },
   },
}

cve-2023-46805

Vulnerability from cvelistv5

Published

2024-01-12 17:02

Modified

2025-02-13 17:14

Severity ?

8.2 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Summary

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

References

▼	URL	Tags
	https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
	http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html

Impacted products

Vendor

Product

Version

▼

Ivanti

ICS

Version: 9.1R18 ≤ 9.1R18
Version: 22.6R2 ≤ 22.6R2

Ivanti

IPS

Version: 9.1R18 ≤ 9.1R18
Version: 22.6R1 ≤ 22.6R1

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T20:53:21.908Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-46805",
                        options: [
                           {
                              Exploitation: "active",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-04T18:56:43.532172Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
               {
                  other: {
                     content: {
                        dateAdded: "2024-01-10",
                        reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-46805",
                     },
                     type: "kev",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        description: "CWE-noinfo Not enough information",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-04T19:04:33.207Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "ICS",
               vendor: "Ivanti",
               versions: [
                  {
                     lessThanOrEqual: "9.1R18",
                     status: "affected",
                     version: "9.1R18",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "22.6R2",
                     status: "affected",
                     version: "22.6R2",
                     versionType: "semver",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "IPS",
               vendor: "Ivanti",
               versions: [
                  {
                     lessThanOrEqual: "9.1R18",
                     status: "affected",
                     version: "9.1R18",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "22.6R1",
                     status: "affected",
                     version: "22.6R1",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  baseScore: 8.2,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                  version: "3.0",
               },
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-22T17:06:19.758Z",
            orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            shortName: "hackerone",
         },
         references: [
            {
               url: "https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US",
            },
            {
               url: "http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
      assignerShortName: "hackerone",
      cveId: "CVE-2023-46805",
      datePublished: "2024-01-12T17:02:16.452Z",
      dateReserved: "2023-10-27T01:00:13.399Z",
      dateUpdated: "2025-02-13T17:14:35.487Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted