Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
Vulnerability DatabaseCVE-2023-46805
CVE-2023-46805:
Ivanti Connect Secure vulnerability analysis and mitigation
Overview
An authentication bypass vulnerability (CVE-2023-46805) was discovered in the web component of Ivanti Connect Secure (ICS) 9.x, 22.x and Ivanti Policy Secure. The vulnerability allows remote attackers to access restricted resources by bypassing control checks without authentication. This critical security flaw was first exploited in the wild as early as December 2023 and was officially disclosed on January 10, 2024 (Tenable Blog, NVD).
Technical details
The vulnerability has been assigned a CVSS v3.1 base score of 8.2 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N. The flaw is classified as CWE-287 (Improper Authentication) and affects multiple versions of Ivanti Connect Secure and Policy Secure products. The vulnerability requires no user interaction or privileges for exploitation, can be accessed remotely through the network, and has low attack complexity (NVD).
Impact
Successful exploitation of this vulnerability allows attackers to bypass authentication controls and access restricted resources. The vulnerability has high impact on confidentiality and low impact on integrity, with no direct impact on availability. When chained with other vulnerabilities, it has been used to achieve unauthenticated remote code execution on affected systems (AttackerKB).
Mitigation and workarounds
Ivanti has provided mitigation scripts that should be implemented immediately on affected systems. The company announced a phased patch release schedule, with the first patches becoming available in the week of January 22, 2024. Organizations are advised to monitor for signs of compromise through network traffic analysis, VPN device log analysis, and execution of the Integrity Checker Tool (Tenable Blog).
Community reactions
The vulnerability has gained significant attention from the cybersecurity community and government agencies. The US Cybersecurity and Infrastructure Security Agency (CISA) added this vulnerability to their Known Exploited Vulnerabilities (KEV) catalog and issued Emergency Directive 24-01 requiring Federal Civilian Executive Branch agencies to take immediate action (NVD).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
Ready to see Wiz in action?
“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management