CVE-2023-46805

critical

Description

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

References

https://blog.eclecticiq.com/china-nexus-nation-state-actors-exploit-sap-netweaver-cve-2025-31324-to-target-critical-infrastructures

https://cyberscoop.com/sonicwall-exploited-vulnerabilities-surge/

https://thehackernews.com/2025/04/google-reports-75-zero-days-exploited.html

https://therecord.media/cisa-ivanti-firewall-bug-exploitation

https://www.darkreading.com/vulnerabilities-threats/china-linked-threat-group-exploits-ivanti-bug

https://www.bleepingcomputer.com/news/security/ivanti-patches-connect-secure-zero-day-exploited-since-mid-march/

https://cyberscoop.com/china-espionage-group-ivanti-vulnerability-exploits/

https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability

https://securelist.com/vulnerabilities-and-exploits-in-q4-2024/115761/

https://cyberscoop.com/edge-device-vulnerabilities-fuel-attack-sprees/

https://www.securityweek.com/exploitation-of-new-ivanti-vpn-zero-day-linked-to-chinese-cyberspies/

https://therecord.media/china-espionage-ivanti-vulnerabilities-mandiant

https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day

https://www.theregister.com/2024/11/27/salt_typhoons_us_telcos/

https://www.darkreading.com/application-security/salt-typhoon-malware-arsenal-ghostspider

https://thehackernews.com/2024/11/chinese-hackers-use-ghostspider-malware.html

https://www.trendmicro.com/en_us/research/24/k/earth-estries.html

https://www.bleepingcomputer.com/news/security/salt-typhoon-hackers-backdoor-telcos-with-new-ghostspider-malware/

https://isc.sans.edu/diary/rss/31384

https://blog.talosintelligence.com/common-ransomware-actor-ttps-playbooks/

https://www.akamai.com/blog/security-research/2024-redtail-cryptominer-pan-os-cve-exploit

https://thehackernews.com/2024/05/mirai-botnet-exploits-ivanti-connect.html

https://securityaffairs.com/162811/hacking/mitre-security-breach-china.html

https://blogs.juniper.net/en-us/security/protecting-your-network-from-opportunistic-ivanti-pulse-secure-vulnerability-exploitation

https://services.google.com/fh/files/misc/m-trends-2024.pdf

https://www.mitre.org/news-insights/news-release/mitre-response-cyber-attack-one-its-rd-networks

https://unit42.paloaltonetworks.com/malware-initiated-scanning-attacks/

https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement

https://www.bleepingcomputer.com/news/security/magnet-goblin-hackers-use-1-day-flaws-to-drop-custom-linux-malware/

https://research.checkpoint.com/2024/magnet-goblin-targets-publicly-facing-servers-using-1-day-vulnerabilities/

https://www.darkreading.com/vulnerabilities-threats/volt-typhoon-hits-multiple-electric-cos-expands-cyber-activity

https://hub.dragos.com/hubfs/116-Datasheets/Dragos_IntelBrief_VOLTZITE_FINAL.pdf

https://www.bleepingcomputer.com/news/security/newest-ivanti-ssrf-zero-day-now-under-mass-exploitation/

https://www.infosecurity-magazine.com/news/rust-payloads-ivanti-zero-days/

https://www.cisa.gov/news-events/directives/ed-24-01-mitigate-ivanti-connect-secure-and-ivanti-policy-secure-vulnerabilities

https://www.volexity.com/blog/2024/01/18/ivanti-connect-secure-vpn-exploitation-new-observations/

https://meterpreter.org/mandiant-uncovers-unc5221-stealthy-hackers-bypass-vpn-defenses-with-malware-arsenal/

https://www.bleepingcomputer.com/news/security/ivanti-connect-secure-zero-days-now-under-mass-exploitation/

https://www.bleepingcomputer.com/news/security/ivanti-warns-of-connect-secure-zero-days-exploited-in-attacks/

https://infosec.exchange/@[email protected]/111732557655576182

Details

Source: Mitre, NVD

Published: 2024-01-12

Updated: 2025-01-27

Named Vulnerability: ConnectAroundKnown Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 8.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:P/A:N

Severity: High

CVSS v3

Base Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Severity: High

CVSS v4

Base Score: 9.2

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N

Severity: Critical

EPSS

EPSS: 0.94398

Vulnerability Watch

Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.

Vulnerability of Concern