Authentication Bypass in Ivanti Connect Secure and Policy Secure (CVE-2023-46805)

Severity:

High

Summary

Invicti detected Authentication Bypass vulnerability.

The Ivanti Connect Secure and Ivanti Policy Secure have an authentication bypass vulnerability.
An attacker can bypass the authentication with a specially crafted HTTP request
and get administrative access to the system.

Impact

An unauthenticated attacker can compromise the Ivanti Connect Secure / Policy Secure.

Remediation

Upgrade to the latest version of Ivanti Connect Secure / Policy Secure

Required Skills for Successful Exploitation

Actions To Take

Classifications

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Vulnerability Index

You can search and find all vulnerabilities

Select Category

Select Vulnerability

Related Vulnerabilities

XPath Injection (IAST)

Out-of-date Version (Fuel UX)

Out-of-Date (Bootstrap Select)

Out of Band Code Evaluation (Ruby)

Out-of-date Version (Video.js)

Authentication Bypass in Ivanti Connect Secure and Policy Secure (CVE-2023-46805)

Vulnerability Index

Select Category

Select Vulnerability

Featured resources

Build your resistance to threats. And save hundreds of hours each month.