CVE-2023-46805

Vulnerability updated a month ago (2024-10-17T13:00:58.008Z)

Download STIX

Preview STIX

CVE-2023-46805 is an authentication bypass vulnerability that affects all supported versions of Ivanti Connect Secure and Ivanti Policy Secure (versions 9.x and 22.x). The Cyber Centre first became aware of this flaw, along with a command injection vulnerability (CVE-2024-21887), on January 10, 2024. These vulnerabilities were exploited by threat actors to gain unauthorized access to Ivanti Connect Secure and Ivanti Policy Secure gateways. Software updates have since been made available to address these vulnerabilities. On February 29, the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about ongoing exploitation of these vulnerabilities in Ivanti devices. This alert was released to provide cyber defenders with new mitigations against threats exploiting these vulnerabilities. Notably, a nation-state actor breached systems by chaining these two Ivanti Connect Secure zero-day vulnerabilities in January 2024. The extent of the breach remains undisclosed by CISA, but it continues to urge organizations to heed its advisory. Protection against these threats is provided by Check Point IPS blade, which guards against the Ivanti Authentication Bypass (CVE-2023-46805), Ivanti Command Injection (CVE-2024-21887), and Ivanti Server-Side Request Forgery (CVE-2024-21893). Additionally, the Five Eyes alliance issued a warning about threat actors exploiting known security flaws in Ivanti Connect Secure and Ivanti Policy Secure gateways, including CVE-2023-46805 and CVE-2024-21887. It is essential for organizations to promptly apply the available software updates to mitigate these vulnerabilities and protect their systems.

Description last updated: 2024-10-17T13:00:42.793Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ivanti

Vulnerability

CISA

Exploit

Zero Day

Ics

Mandiant

Vpn

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Krustyloader Malware is associated with CVE-2023-46805. KrustyLoader is a malicious software (malware) that has been identified as a significant threat to both Windows and Linux systems. First emerging on March 12, 2024, this malware stands out due to its ability to exploit vulnerabilities in systems, causing severe damage and disruption. This malware ca	Unspecified	2

Associated Vulnerabilities

To see the evidence that has resulted in these vulnerability associations, create a free account

Alias Description	Association Type	Votes
The CVE-2024-21887 Vulnerability is associated with CVE-2023-46805. CVE-2024-21887 is a command injection vulnerability found in the web components of Ivanti Connect Secure and Ivanti Policy Secure, specifically in versions 9.x and 22.x. The Cyber Centre was made aware of this flaw, along with an authentication bypass vulnerability (CVE-2023-46805), on January 10, 2	Unspecified	6
The CVE-2024-21893 Vulnerability is associated with CVE-2023-46805. CVE-2024-21893 is a server-side request forgery (SSRF) vulnerability, a flaw in software design or implementation within Ivanti's products. This particular vulnerability has been exploited in targeted attacks as a zero-day, which means it was used by attackers before the vendor became aware of and p	Unspecified	3

Source Document References

Information about the CVE-2023-46805 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
SANS ISC	23 days ago	Two currently (old) exploited Ivanti vulnerabilities - SANS Internet Storm Center
CERT-EU	10 months ago	Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families
Malwarebytes	10 months ago	Ivanti vulnerabilities now actively exploited in massive numbers
CERT-EU	9 months ago	Ivanti follows CISA warning with new protection tool
CERT-EU	8 months ago	Magnet Goblin hackers used Ivanti bugs to drop custom Linux malware \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker
DARKReading	5 months ago	Threat Actor May Have Accessed Sensitive Info on CISA Chemical App
Securityaffairs	5 months ago	CISA confirmed that CSAT environment was breached in January
Securityaffairs	6 months ago	Mirai botnet also spreads through the exploitation of Ivanti Connect Secure bugs
Securityaffairs	6 months ago	MITRE attributes the recent attack to China-linked UNC5221
Unit42	7 months ago	It Was Not Me! Malware-Initiated Vulnerability Scanning Is on the Rise
InfoSecurity-magazine	8 months ago	Chinese Groups Deploy New TTPs to Exploit Ivanti Vulnerabilities
Securityaffairs	8 months ago	Ivanti fixed for 4 new issues in Connect Secure and Policy Secure
DARKReading	8 months ago	Ivanti Keeps Security Teams Scrambling With 2 More Vulns
Securityaffairs	8 months ago	Ivanti urges customers to fix critical RCE flaw in Standalone Sentry
CERT-EU	8 months ago	Cyber Security Week in Review: March 15, 2024
CERT-EU	8 months ago	Risk & Repeat: CISA hacked via Ivanti vulnerabilities \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
CERT-EU	8 months ago	Magnet Goblin Uses 1-Day Exploits to Drop Custom Malware on Linux, Windows
CERT-EU	8 months ago	US cybersecurity agency takes systems offline after Ivanti compromise
CERT-EU	8 months ago	US Cybersecurity and Infrastructure Security Agency hacked \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
DARKReading	8 months ago	Ivanti Breach Prompts CISA to Take Systems Offline