Authentication Bypass in Ivanti Connect Secure and Policy Secure (CVE-2023-46805) - Vulnerability Database

Description

Ivanti Connect Secure and Ivanti Policy Secure contain an authentication bypass vulnerability (CVE-2023-46805): by sending a specially crafted HTTP request, an unauthenticated remote attacker can circumvent the normal authentication mechanisms and gain unauthorized access to the system with administrative privileges.

Remediation

Apply security patches immediately by upgrading to the patched versions specified in Ivanti's security advisory. For Ivanti Connect Secure, upgrade to version 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2, 22.5R1.1, or later. For Ivanti Policy Secure, upgrade to version 9.1R17.2, 9.1R18.3, 22.5R1.1, or later.

If immediate patching is not possible, run the Ivanti Integrity Checker Tool (ICT) to detect potential compromise and apply Ivanti's XML mitigation configuration as a temporary workaround. Monitor authentication logs for suspicious activity and consider restricting gateway access to trusted IP addresses until the patches are applied. After patching, conduct a thorough security assessment to confirm that no compromise occurred before remediation.
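The patched builds above are spread across several release lines, and "or later" is easy to misread: 22.5R1 is numerically later than 22.4R2.2 but is still below the 22.5R1.1 fix, and 9.1R14.4 is listed for Connect Secure but not for Policy Secure. The following triage script is an added example, not code from Invicti or Ivanti; it parses version strings in the assumed `<major>.<minor>R<release>[.<build>]` format, compares each appliance only against the fix listed for its own release line, and flags unlisted lines for manual confirmation rather than assuming they are safe. The inventory hostnames and versions are constructed.

```python
import re

# Fixed versions exactly as listed in the remediation text above.
FIXED_VERSIONS = {
    "Ivanti Connect Secure": ["9.1R14.4", "9.1R17.2", "9.1R18.3", "22.4R2.2", "22.5R1.1"],
    "Ivanti Policy Secure": ["9.1R17.2", "9.1R18.3", "22.5R1.1"],
}

# Assumed version format: <major>.<minor>R<release>[.<build>], e.g. "9.1R14.4" or "22.5R1".
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)R(\d+)(?:\.(\d+))?\s*$")


def parse_version(text):
    """Split '9.1R14.4' into (line, build) = ((9, 1, 14), 4).

    The line (major, minor, release) is the release line the vendor patches
    independently; the build is the hotfix number within that line (0 if absent).
    Returns None when the string does not match the assumed format.
    """
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major, minor, release, build = m.groups()
    return (int(major), int(minor), int(release)), int(build or 0)


def _fixed_builds(product):
    """Map each release line to the lowest patched build listed for the product."""
    table = {}
    for v in FIXED_VERSIONS.get(product, []):
        line, build = parse_version(v)
        table[line] = min(build, table.get(line, build))
    return table


def assess(product, version):
    """Classify one installed version against the advisory's fixed builds.

    Returns one of:
      'patched'         build is at or above the listed fix for its release line
      'vulnerable'      release line has a listed fix and this build is below it
      'check-advisory'  release line not in the list (e.g. 9.1R15.x): treat as
                        unpatched until confirmed against the vendor advisory
      'unknown-product' product is not covered by this advisory
      'unparseable'     version string does not match the assumed format
    """
    if product not in FIXED_VERSIONS:
        return "unknown-product"
    parsed = parse_version(version)
    if parsed is None:
        return "unparseable"
    line, build = parsed
    fixed = _fixed_builds(product).get(line)
    if fixed is None:
        return "check-advisory"
    return "patched" if build >= fixed else "vulnerable"


def triage(inventory):
    """Group an inventory of (host, product, version) tuples by assessment."""
    report = {}
    for host, product, version in inventory:
        report.setdefault(assess(product, version), []).append(host)
    return report


# Constructed sample inventory: hostnames and installed versions are made up.
SAMPLE_INVENTORY = [
    ("vpn-01.example.test", "Ivanti Connect Secure", "22.5R1.1"),
    ("vpn-02.example.test", "Ivanti Connect Secure", "22.5R1"),
    ("vpn-03.example.test", "Ivanti Connect Secure", "9.1R14.3"),
    ("vpn-04.example.test", "Ivanti Connect Secure", "9.1R15.2"),
    ("nac-01.example.test", "Ivanti Policy Secure", "9.1R18.3"),
    ("nac-02.example.test", "Ivanti Policy Secure", "9.1R14.4"),
    ("lb-01.example.test", "Other Appliance", "1.0"),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status:16} {', '.join(hosts)}")
```

The per-line comparison is deliberate: a plain lexical "is it later than the lowest fixed version" check would wrongly clear 22.5R1 and 9.1R15.2. Anything the script reports as `check-advisory` should be resolved against Ivanti's advisory and, until then, handled with the interim mitigations described above.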

Related Vulnerabilities