CVE-2023-46805

Vulnerability updated 23 days ago (2024-11-29T14:00:52.498Z)
CVE-2023-46805 is an authentication bypass vulnerability that affects all supported versions of Ivanti Connect Secure and Ivanti Policy Secure (versions 9.x and 22.x). The Cyber Centre first became aware of this flaw, along with a command injection vulnerability (CVE-2024-21887), on January 10, 2024. These vulnerabilities were exploited by threat actors to gain unauthorized access to Ivanti Connect Secure and Ivanti Policy Secure gateways. Software updates have since been made available to address these vulnerabilities. On February 29, the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about ongoing exploitation of these vulnerabilities in Ivanti devices. This alert was released to provide cyber defenders with new mitigations against threats exploiting these vulnerabilities. Notably, a nation-state actor breached systems by chaining these two Ivanti Connect Secure zero-day vulnerabilities in January 2024. The extent of the breach remains undisclosed by CISA, but it continues to urge organizations to heed its advisory. Protection against these threats is provided by Check Point IPS blade, which guards against the Ivanti Authentication Bypass (CVE-2023-46805), Ivanti Command Injection (CVE-2024-21887), and Ivanti Server-Side Request Forgery (CVE-2024-21893). Additionally, the Five Eyes alliance issued a warning about threat actors exploiting known security flaws in Ivanti Connect Secure and Ivanti Policy Secure gateways, including CVE-2023-46805 and CVE-2024-21887. It is essential for organizations to promptly apply the available software updates to mitigate these vulnerabilities and protect their systems.
Description last updated: 2024-10-17T13:00:42.793Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ivanti
Vulnerability
CISA
Exploit
Zero Day
ICS
Mandiant
VPN
Associated Malware
Alias Description | Association Type | Votes
The Krustyloader Malware is associated with CVE-2023-46805. KrustyLoader is a malicious software (malware) that has been identified as a significant threat to both Windows and Linux systems. First emerging on March 12, 2024, this malware stands out due to its ability to exploit vulnerabilities in systems, causing severe damage and disruption. This malware ca | Unspecified | 2
Associated Vulnerabilities
Alias Description | Association Type | Votes
The CVE-2024-21887 Vulnerability is associated with CVE-2023-46805. CVE-2024-21887 is a command injection vulnerability found in the web components of Ivanti Connect Secure and Ivanti Policy Secure, specifically in versions 9.x and 22.x. The Cyber Centre was made aware of this flaw, along with an authentication bypass vulnerability (CVE-2023-46805), on January 10, 2 | Unspecified | 6
The CVE-2024-21893 Vulnerability is associated with CVE-2023-46805. CVE-2024-21893 is a server-side request forgery (SSRF) vulnerability, a flaw in software design or implementation within Ivanti's products. This particular vulnerability has been exploited in targeted attacks as a zero-day, which means it was used by attackers before the vendor became aware of and p | Unspecified | 3
Source Document References
Information about the CVE-2023-46805 Vulnerability was read from the documents corpus below. This display is limited to 20 results.
Source | Created
SANS ISC | 2 months ago
CERT-EU | a year ago
Malwarebytes | a year ago
CERT-EU | 10 months ago
CERT-EU | 9 months ago
DARKReading | 6 months ago
Securityaffairs | 6 months ago
Securityaffairs | 7 months ago
Securityaffairs | 7 months ago
Unit42 | 8 months ago
InfoSecurity-magazine | 9 months ago
Securityaffairs | 9 months ago
DARKReading | 9 months ago
Securityaffairs | 9 months ago
CERT-EU | 9 months ago
CERT-EU | 9 months ago
CERT-EU | 9 months ago
CERT-EU | 9 months ago
CERT-EU | 9 months ago
DARKReading | 9 months ago