Authentication Bypass in Ivanti Connect Secure and Policy Secure (CVE-2023-46805)

Severity:

High

Summary

Invicti detected Authentication Bypass vulnerability.

The Ivanti Connect Secure and Ivanti Policy Secure have an authentication bypass vulnerability.
An attacker can bypass the authentication with a specially crafted HTTP request
and get administrative access to the system.

Impact

An unauthenticated attacker can compromise the Ivanti Connect Secure / Policy Secure.

Remediation

Upgrade to the latest version of Ivanti Connect Secure / Policy Secure

Required Skills for Successful Exploitation

Actions To Take

Classifications

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Vulnerability Index

You can search and find all vulnerabilities

Select Category

Select Vulnerability

Related Vulnerabilities

Out-of-date Version (Leaflet)

WordPress Theme JobCareer Out Of Date

WordPress Plugin Akismet Spam Protection Out Of Date

Out-of-date Version (jQuery Migrate)

Oracle WebLogic Remote Code Execution (CVE-2020-14882)

Authentication Bypass in Ivanti Connect Secure and Policy Secure (CVE-2023-46805)

Vulnerability Index

Select Category

Select Vulnerability

Select Vulnerability

Featured resources

Build your resistance to threats. And save hundreds of hours each month.