CVE-2023-46805 Report - Details, Severity, & Advisories

Twingate Team

May 30, 2024

What is CVE-2023-46805?

CVE-2023-46805 is an authentication bypass vulnerability in the web component of Ivanti Connect Secure (ICS) 9.x and 22.x and Ivanti Policy Secure. It allows remote attackers to access restricted resources by bypassing control checks, and it affects systems running Ivanti Connect Secure and Ivanti Policy Secure gateways. With a CVSS score of 8.2, it poses a considerable risk to affected systems and requires prompt attention.

Who is impacted by CVE-2023-46805?

If you use Ivanti Connect Secure or Ivanti Policy Secure, you might be affected by CVE-2023-46805. The issue specifically impacts versions 9.x and 22.x of these products and allows attackers to bypass security controls and access restricted resources on your system. Unsupported versions 8.x and below might also be at risk, but this is unclear at this time. Stay informed and take necessary precautions to protect your systems from potential threats.

What should I do if I’m affected?

If you're affected by the CVE-2023-46805 vulnerability, it's crucial to take immediate action to protect your systems. Follow these steps to mitigate the risk:

  1. Check if your Ivanti Connect Secure or Ivanti Policy Secure version is affected by referring to the vendor advisory.

  2. Apply the available patch for your affected version, as mentioned in the vendor advisory.

  3. For additional support, log a case or request a call in the Ivanti Success Portal.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

CVE-2023-46805 is listed in CISA's Known Exploited Vulnerabilities Catalog under the name "Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability." It was added to the catalog on January 10, 2024, with a due date for taking action of January 22, 2024. The required action is to apply mitigations per vendor instructions or discontinue the use of the product if mitigations are unavailable.
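As an added example (not part of the original report and not CISA's or Ivanti's tooling), the Python script below tracks open findings against the KEV due date described above. The catalog record is constructed in the field layout of CISA's KEV JSON feed using only the values quoted on this page; the hostnames, the findings list and the kev_deadline_report helper are hypothetical.

```python
import json
from datetime import date

# Constructed record in the KEV JSON feed's field layout; values are the ones quoted on this page.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [{
  "cveID": "CVE-2023-46805",
  "vulnerabilityName": "Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability",
  "dateAdded": "2024-01-10",
  "dueDate": "2024-01-22",
  "requiredAction": "Apply mitigations per vendor instructions or discontinue the use of the product if mitigations are unavailable."
}]}
""")

# Hypothetical scanner findings; hosts and dates are made up, CVE-0000-00000 is a placeholder.
FINDINGS = [
    {"host": "vpn-gw-01.example.internal", "cve": "CVE-2023-46805", "remediated_on": None},
    {"host": "nac-01.example.internal", "cve": "CVE-2023-46805", "remediated_on": "2024-01-19"},
    {"host": "vpn-gw-02.example.internal", "cve": "CVE-2023-46805", "remediated_on": "2024-02-01"},
    {"host": "web-01.example.internal", "cve": "CVE-0000-00000", "remediated_on": None},
]

def kev_deadline_report(catalog, findings, today):
    """Classify each KEV-listed finding against the catalog due date as of `today`."""
    kev = {v["cveID"]: v for v in catalog["vulnerabilities"]}
    report = []
    for f in findings:
        entry = kev.get(f["cve"])
        if entry is None:
            continue  # not in the KEV catalog: handled by the normal patch process
        due = date.fromisoformat(entry["dueDate"])
        closed = date.fromisoformat(f["remediated_on"]) if f["remediated_on"] else None
        if closed:
            status = "met" if closed <= due else "late"
        else:
            status = "overdue" if today > due else "pending"
        # Days past the due date, measured to the fix date or to today if still open.
        days_past = max(((closed or today) - due).days, 0)
        report.append({"host": f["host"], "cve": f["cve"], "status": status,
                       "days_past_due": days_past, "action": entry["requiredAction"]})
    return report

if __name__ == "__main__":
    for row in kev_deadline_report(KEV_SAMPLE, FINDINGS, date(2024, 2, 5)):
        print(f'{row["host"]:30} {row["status"]:8} {row["days_past_due"]:3}d  {row["action"]}')
```
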

Weakness Enumeration

CVE-2023-46805 is categorized as CWE-287 (Improper Authentication), affecting Ivanti Connect Secure and Ivanti Policy Secure gateways.

Learn More

CVE-2023-46805 is a critical authentication bypass vulnerability affecting Ivanti Connect Secure and Ivanti Policy Secure gateways. It's essential to stay informed and take necessary precautions to protect your systems. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or refer to the resources below.
