CVE-2023-41719: 
Ivanti Connect Secure vulnerability analysis and mitigation

CVE-2023-41719 is a security vulnerability affecting Ivanti Connect Secure (ICS) versions below 22.6R2. The vulnerability was discovered through responsible disclosure by Jérôme Mampianinazakason of Synacktiv and was officially disclosed in December 2023 (Ivanti Blog).

The vulnerability allows an attacker impersonating an administrator to craft a specific web request which may lead to remote code execution. The vulnerability has been assigned a CVSS v3.1 base score of 7.2 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, high privileges required, and high impact on confidentiality, integrity, and availability (NVD).

If exploited, the vulnerability could lead to remote code execution on affected systems, potentially compromising the security of the Ivanti Connect Secure infrastructure. The vulnerability affects multiple versions of the software and could have significant implications for system security (NVD).

Ivanti has released security updates to address this vulnerability. The fix is available in version 22.6R2 and later. Customers are strongly encouraged to download and install the latest releases of ICS from the Ivanti Download Center (Ivanti Blog).