⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.. Due date: 2024-01-22.
CVE-2023-46805 — Improper Authentication in Ivanti ICS
Severity
8.2HIGHNVD
EPSS
94.4%
top 0.03%
CISA KEV
KEVRansomware
Added 2024-01-10
Due 2024-01-22
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
KEV addedJan 10
PublishedJan 12
KEV dueJan 22
Latest updateFeb 15
CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Description
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:NExploitability: 3.9 | Impact: 4.2
Affected Packages4 packages
🔴Vulnerability Details
3💥Exploits & PoCs
2Nuclei▶
Ivanti ICS - Authentication Bypass
🔍Detection Rules
4Suricata▶
ET WEB_SPECIFIC_APPS Possible Ivanti Pulse Secure Authentication Bypass and Command Injection Attempt M2 (CVE-2023-46805, CVE-2024-21887)↗2024-01-22
Suricata▶
ET WEB_SPECIFIC_APPS Possible Ivanti Pulse Secure Authentication Bypass and Command Injection Attempt (CVE-2023-46805, CVE-2024-21887) M1↗2024-01-17
Suricata▶
ET WEB_SPECIFIC_APPS Ivanti Pulse Secure Authentication Bypass and Command Injection Attempt (CVE-2023-46805, CVE-2024-21887) M1↗2024-01-16
Suricata▶
ET WEB_SPECIFIC_APPS Ivanti Pulse Secure Authentication Bypass and Command Injection Attempt (CVE-2023-46805, CVE-2024-21887) M2↗2024-01-16