Cyber Resilience

CVE-2023-46805

HighCISA KEVActive ExploitationEUVD ExploitedPublic PoCRansomware-linked

Published: 12 January 2024

Published
12 January 2024
Modified
31 October 2025
KEV Added
10 January 2024
Patch
CVSS Score v3.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
EPSS Score 0.9437 100.0th percentile
Risk Priority 93 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-46805 is a high-severity Improper Authentication (CWE-287) vulnerability in Ivanti Connect Secure. Its CVSS base score is 8.2 (High).

Operationally, ranked in the top 0.0% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).

Deeper analysis

An authentication bypass vulnerability tracked as CVE-2023-46805 affects the web component of Ivanti Connect Secure (ICS) versions 9.x and 22.x as well as Ivanti Policy Secure. The flaw, assigned CWE-287, permits a remote attacker to circumvent authentication control checks and reach otherwise restricted resources. It carries a CVSS 3.1 score of 8.2 with network attack vector, low complexity, and no required credentials or user interaction.

A remote unauthenticated attacker can exploit the issue over the network to obtain unauthorized access to protected areas of the affected gateways. Public references link the bypass to subsequent command-injection activity under the related CVE-2024-21887, enabling escalation to unauthenticated remote code execution on the appliance.

Ivanti advisory information and the CISA Known Exploited Vulnerabilities catalog list the affected products and direct administrators to apply vendor-supplied patches. The current EPSS score of 0.9437 with a recorded peak of 0.9667 indicates sustained high exploitation interest following disclosure.

EU & UK References

Vulnerability details

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

CWE(s)
KEV Date Added
10 January 2024

Related Threats

Threat-Actor AttributionAI

UNC5291
Mandiant attributed in-the-wild exploitation of the Ivanti Connect Secure auth-bypass CVE-2023-46805 (with CVE-2024-21887) to UNC5291 in Jan 2024 reporting.

Affected Assets

ivanti
connect secure
22.1, 22.2, 22.3, 22.4, 22.5
ivanti
policy secure
22.1, 22.2, 22.3, 22.4, 22.5

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces access-control policy decisions on the web component so that the authentication-bypass path cannot reach restricted resources.

prevent

Requires successful identification and authentication before any access is granted, eliminating the unauthenticated entry point exploited by CVE-2023-46805.

AC-17 Remote Access partial match
prevent

Mandates explicit authorization and encryption for all remote sessions to the ICS/Policy Secure web interface, limiting the network attack surface used by the bypass.

References