CVE-2023-41719Ivanti Connect Secure vulnerability

3 documents3 sources
Severity
7.2HIGHNVD
EPSS
3.1%
top 13.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Ivanti Connect Secure
Timeline
PublishedDec 14

Description

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5ivanti/connect_secure22.6.122.6.1
NVDivanti/connect_secure9 versions+8

🔴Vulnerability Details

2
GHSA
GHSA-9c65-wx34-mg83: A vulnerability exists on all versions of Ivanti Connect Secure below 222023-12-14
CVEList
CVE-2023-41719: A vulnerability exists on all versions of Ivanti Connect Secure below 222023-12-14
CVE-2023-41719 — Ivanti Connect Secure vulnerability | cvebase