CVE-2023-46805

Vulnerability updated 2 months ago (2024-06-25T08:17:34.678Z)
CVE-2023-46805 is a significant authentication bypass vulnerability in the web component of all supported versions of Ivanti Connect Secure and Ivanti Policy Secure (versions 9.x and 22.x). It was first brought to the attention of the Cyber Centre on January 10, 2024, alongside another vulnerability, CVE-2024-21887, which enables command injection. Both vulnerabilities affect Ivanti Connect Secure (ICS), formerly known as Pulse Connect Secure, and Ivanti Policy Secure (IPS) gateways.

The MITRE Corporation reported that its systems were breached in January 2024 by a nation-state actor exploiting these two vulnerabilities. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released an alert providing mitigations to defend against threat actors exploiting these vulnerabilities. On February 29, CISA issued another warning, emphasizing that threat actors were continuing to exploit multiple vulnerabilities in Ivanti Connect Secure and Policy Secure gateways, including CVE-2023-46805. While remaining reticent about the extent of the breach, CISA urged organizations to heed its advisory and protect their systems against these threats. The Five Eyes alliance also issued a warning about threat actors exploiting known security flaws in Ivanti Connect Secure and Ivanti Policy Secure gateways, including CVE-2023-46805.

Software updates have been made available to address these vulnerabilities. The Check Point IPS (intrusion prevention system) blade also provides protection against these threats. Organizations using Ivanti products should apply these updates promptly to protect their systems from potential breaches.
Description last updated: 2024-06-25T08:15:38.092Z
Aliases
We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ivanti
Vulnerability
CISA
Exploit
Zero Day
Ics
Mandiant
Vpn
Associated Malware
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Krustyloader | Unspecified | 2 | KrustyLoader is a malicious software (malware) that has emerged as a significant threat to both Windows and Linux systems. This backdoor malware, known for its disruptive capabilities, can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once |
Associated Vulnerabilities
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| CVE-2024-21887 | Unspecified | 6 | CVE-2024-21887 is a command injection vulnerability found in the web components of Ivanti Connect Secure and Ivanti Policy Secure, specifically in versions 9.x and 22.x. The Cyber Centre was made aware of this flaw, along with an authentication bypass vulnerability (CVE-2023-46805), on January 10, 2 |
| CVE-2024-21893 | Unspecified | 3 | CVE-2024-21893 is a server-side request forgery (SSRF) vulnerability, a flaw in software design or implementation within Ivanti's products. This particular vulnerability has been exploited in targeted attacks as a zero-day, which means it was used by attackers before the vendor became aware of and p |
Source Document References
Information about the CVE-2023-46805 vulnerability was read from the documents listed below. This display is limited to 20 results.
| Source Link | Created At | Title |
|---|---|---|
| CERT-EU | 8 months ago | Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families |
| Malwarebytes | 8 months ago | Ivanti vulnerabilities now actively exploited in massive numbers |
| CERT-EU | 6 months ago | Ivanti follows CISA warning with new protection tool |
| CERT-EU | 6 months ago | Magnet Goblin hackers used Ivanti bugs to drop custom Linux malware \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker |
| DARKReading | 2 months ago | Threat Actor May Have Accessed Sensitive Info on CISA Chemical App |
| Securityaffairs | 2 months ago | CISA confirmed that CSAT environment was breached in January |
| Securityaffairs | 4 months ago | Mirai botnet also spreads through the exploitation of Ivanti Connect Secure bugs |
| Securityaffairs | 4 months ago | MITRE attributes the recent attack to China-linked UNC5221 |
| Unit42 | 5 months ago | It Was Not Me! Malware-Initiated Vulnerability Scanning Is on the Rise |
| InfoSecurity-magazine | 5 months ago | Chinese Groups Deploy New TTPs to Exploit Ivanti Vulnerabilities |
| Securityaffairs | 5 months ago | Ivanti fixed for 4 new issues in Connect Secure and Policy Secure |
| DARKReading | 6 months ago | Ivanti Keeps Security Teams Scrambling With 2 More Vulns |
| Securityaffairs | 6 months ago | Ivanti urges customers to fix critical RCE flaw in Standalone Sentry |
| CERT-EU | 6 months ago | Cyber Security Week in Review: March 15, 2024 |
| CERT-EU | 6 months ago | Risk & Repeat: CISA hacked via Ivanti vulnerabilities \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting |
| CERT-EU | 6 months ago | Magnet Goblin Uses 1-Day Exploits to Drop Custom Malware on Linux, Windows |
| CERT-EU | 6 months ago | US cybersecurity agency takes systems offline after Ivanti compromise |
| CERT-EU | 6 months ago | US Cybersecurity and Infrastructure Security Agency hacked \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting |
| DARKReading | 6 months ago | Ivanti Breach Prompts CISA to Take Systems Offline |
| InfoSecurity-magazine | 6 months ago | Magnet Goblin Exploits 1-Day Ivanti Vulnerabilities |