Detections
Analytics
CVE-2023-46805
critical
Description
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
From the Tenable Blog
CVE-2023-46805, CVE-2024-21887, CVE-2024-21888 and CVE-2024-21893: Frequently Asked Questions for Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways
Published: 2024-01-31
Frequently asked questions for five CVEs affecting Ivanti Connect Secure and Policy Secure Gateways, with three of the vulnerabilities having been exploited in the wild as zero-days.
CVE-2023-46805, CVE-2024-21887: Zero-Day Vulnerabilities Exploited in Ivanti Connect Secure and Policy Secure Gateways
Published: 2024-01-11
Two zero-day vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure have been exploited in the wild, with at least one attack attributed to nation-state actors.
References
https://therecord.media/cisa-ivanti-firewall-bug-exploitation
https://www.darkreading.com/vulnerabilities-threats/china-linked-threat-group-exploits-ivanti-bug
https://cyberscoop.com/china-espionage-group-ivanti-vulnerability-exploits/
https://securelist.com/vulnerabilities-and-exploits-in-q4-2024/115761/
https://cyberscoop.com/edge-device-vulnerabilities-fuel-attack-sprees/
https://www.securityweek.com/exploitation-of-new-ivanti-vpn-zero-day-linked-to-chinese-cyberspies/
https://therecord.media/china-espionage-ivanti-vulnerabilities-mandiant
https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day
https://www.theregister.com/2024/11/27/salt_typhoons_us_telcos/
https://www.darkreading.com/application-security/salt-typhoon-malware-arsenal-ghostspider
https://thehackernews.com/2024/11/chinese-hackers-use-ghostspider-malware.html
https://www.trendmicro.com/en_us/research/24/k/earth-estries.html
https://isc.sans.edu/diary/rss/31384
https://blog.talosintelligence.com/common-ransomware-actor-ttps-playbooks/
https://www.akamai.com/blog/security-research/2024-redtail-cryptominer-pan-os-cve-exploit
https://thehackernews.com/2024/05/mirai-botnet-exploits-ivanti-connect.html
https://securityaffairs.com/162811/hacking/mitre-security-breach-china.html
https://services.google.com/fh/files/misc/m-trends-2024.pdf
https://www.mitre.org/news-insights/news-release/mitre-response-cyber-attack-one-its-rd-networks
https://unit42.paloaltonetworks.com/malware-initiated-scanning-attacks/
https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement
https://hub.dragos.com/hubfs/116-Datasheets/Dragos_IntelBrief_VOLTZITE_FINAL.pdf
https://www.infosecurity-magazine.com/news/rust-payloads-ivanti-zero-days/
https://www.volexity.com/blog/2024/01/18/ivanti-connect-secure-vpn-exploitation-new-observations/
https://infosec.exchange/@[email protected]/111732557655576182
Details
Published: 2024-01-12
Updated: 2025-01-27
Named Vulnerability: ConnectAroundKnown Exploited Vulnerability (KEV)
Risk Information
CVSS v2
Base Score: 8.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:P/A:N
Severity: High
CVSS v3
Base Score: 8.2
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Severity: High
CVSS v4
Base Score: 9.2
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N
Severity: Critical
EPSS
EPSS: 0.94398
Vulnerability Watch
Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.
Vulnerability of Concern