CVE-2023-46805

critical

Description

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

References

https://blog.eclecticiq.com/china-nexus-nation-state-actors-exploit-sap-netweaver-cve-2025-31324-to-target-critical-infrastructures

https://cyberscoop.com/sonicwall-exploited-vulnerabilities-surge/

https://thehackernews.com/2025/04/google-reports-75-zero-days-exploited.html

https://therecord.media/cisa-ivanti-firewall-bug-exploitation

https://www.darkreading.com/vulnerabilities-threats/china-linked-threat-group-exploits-ivanti-bug

https://www.bleepingcomputer.com/news/security/ivanti-patches-connect-secure-zero-day-exploited-since-mid-march/

https://cyberscoop.com/china-espionage-group-ivanti-vulnerability-exploits/

https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability

https://securelist.com/vulnerabilities-and-exploits-in-q4-2024/115761/

https://cyberscoop.com/edge-device-vulnerabilities-fuel-attack-sprees/

https://www.securityweek.com/exploitation-of-new-ivanti-vpn-zero-day-linked-to-chinese-cyberspies/

https://therecord.media/china-espionage-ivanti-vulnerabilities-mandiant

https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day

https://www.theregister.com/2024/11/27/salt_typhoons_us_telcos/

https://www.darkreading.com/application-security/salt-typhoon-malware-arsenal-ghostspider

https://thehackernews.com/2024/11/chinese-hackers-use-ghostspider-malware.html

https://www.trendmicro.com/en_us/research/24/k/earth-estries.html

https://www.bleepingcomputer.com/news/security/salt-typhoon-hackers-backdoor-telcos-with-new-ghostspider-malware/

https://isc.sans.edu/diary/rss/31384

https://blog.talosintelligence.com/common-ransomware-actor-ttps-playbooks/

https://www.akamai.com/blog/security-research/2024-redtail-cryptominer-pan-os-cve-exploit

https://thehackernews.com/2024/05/mirai-botnet-exploits-ivanti-connect.html

https://securityaffairs.com/162811/hacking/mitre-security-breach-china.html

https://blogs.juniper.net/en-us/security/protecting-your-network-from-opportunistic-ivanti-pulse-secure-vulnerability-exploitation

https://services.google.com/fh/files/misc/m-trends-2024.pdf

https://www.mitre.org/news-insights/news-release/mitre-response-cyber-attack-one-its-rd-networks

https://unit42.paloaltonetworks.com/malware-initiated-scanning-attacks/

https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement

https://www.bleepingcomputer.com/news/security/magnet-goblin-hackers-use-1-day-flaws-to-drop-custom-linux-malware/

https://research.checkpoint.com/2024/magnet-goblin-targets-publicly-facing-servers-using-1-day-vulnerabilities/

https://www.darkreading.com/vulnerabilities-threats/volt-typhoon-hits-multiple-electric-cos-expands-cyber-activity

https://hub.dragos.com/hubfs/116-Datasheets/Dragos_IntelBrief_VOLTZITE_FINAL.pdf

https://www.bleepingcomputer.com/news/security/newest-ivanti-ssrf-zero-day-now-under-mass-exploitation/

https://www.infosecurity-magazine.com/news/rust-payloads-ivanti-zero-days/

https://www.cisa.gov/news-events/directives/ed-24-01-mitigate-ivanti-connect-secure-and-ivanti-policy-secure-vulnerabilities

https://www.volexity.com/blog/2024/01/18/ivanti-connect-secure-vpn-exploitation-new-observations/

https://meterpreter.org/mandiant-uncovers-unc5221-stealthy-hackers-bypass-vpn-defenses-with-malware-arsenal/

https://www.bleepingcomputer.com/news/security/ivanti-connect-secure-zero-days-now-under-mass-exploitation/

https://www.bleepingcomputer.com/news/security/ivanti-warns-of-connect-secure-zero-days-exploited-in-attacks/

https://infosec.exchange/@[email protected]/111732557655576182

https://www.bleepingcomputer.com/news/security/new-ivanti-rce-flaw-may-impact-16-000-exposed-vpn-gateways/

https://www.bleepingcomputer.com/news/security/ivanti-connect-secure-zero-days-exploited-to-deploy-custom-malware/

https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US

https://www.tenable.com/blog/verizon-2025-dbir-tenable-research-collaboration

https://www.tenable.com/blog/salt-typhoon-an-analysis-of-vulnerabilities-exploited-by-this-state-sponsored-actor

https://www.tenable.com/blog/cve-2025-0282-ivanti-connect-secure-zero-day-vulnerability-exploited-in-the-wild

https://www.tenable.com/blog/cve-2024-7593-ivanti-virtual-traffic-manager-authentication-bypass-vulnerability

https://www.tenable.com/blog/cve-2023-46805-cve-2024-21887-cve-2024-21888-and-cve-2024-21893-frequently-asked-questions

https://www.tenable.com/blog/cve-2023-46805-cve-2024-21887-zero-day-vulnerabilities-exploited-in-ivanti-connect-secure-and

https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US

http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html

Details

Source: Mitre, NVD

Published: 2024-01-12

Updated: 2025-01-27

Named Vulnerability: ConnectAroundKnown Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 8.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:P/A:N

Severity: High

CVSS v3

Base Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Severity: High

CVSS v4

Base Score: 9.2

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N

Severity: Critical

Vulnerability Watch

Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.

Vulnerability of Concern

Detections

Analytics