CVE-2023-46805
Published: 12 January 2024
Summary
CVE-2023-46805 is a high-severity Improper Authentication (CWE-287) vulnerability in Ivanti Connect Secure. Its CVSS base score is 8.2 (High).
Operationally, it is ranked in the top 0.0% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).
Deeper analysis
An authentication bypass vulnerability tracked as CVE-2023-46805 affects the web component of Ivanti Connect Secure (ICS) versions 9.x and 22.x as well as Ivanti Policy Secure. The flaw, assigned CWE-287, permits a remote attacker to circumvent authentication control checks and reach otherwise restricted resources. It carries a CVSS 3.1 score of 8.2 with network attack vector, low complexity, and no required credentials or user interaction.
A remote unauthenticated attacker can exploit the issue over the network to obtain unauthorized access to protected areas of the affected gateways. Public references link the bypass to subsequent command-injection activity under the related CVE-2024-21887, enabling escalation to unauthenticated remote code execution on the appliance.
Ivanti advisory information and the CISA Known Exploited Vulnerabilities catalog list the affected products and direct administrators to apply vendor-supplied patches. The current EPSS score of 0.9437 with a recorded peak of 0.9667 indicates sustained high exploitation interest following disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-50971
Vulnerability details
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
- CWE(s)
- KEV Date Added: 10 January 2024
Mitigating Controls (NIST 800-53 r5)
Directly enforces access-control policy decisions on the web component so that the authentication-bypass path cannot reach restricted resources.
Requires successful identification and authentication before any access is granted, eliminating the unauthenticated entry point exploited by CVE-2023-46805.
Mandates explicit authorization and encryption for all remote sessions to the ICS/Policy Secure web interface, limiting the network attack surface used by the bypass.