CVE-2023-46805

critical

Description

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

From the Tenable Blog

CVE-2023-46805, CVE-2024-21887, CVE-2024-21888 and CVE-2024-21893: Frequently Asked Questions for Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways

Published: 2024-01-31

Frequently asked questions for five CVEs affecting Ivanti Connect Secure and Policy Secure Gateways, with three of the vulnerabilities having been exploited in the wild as zero-days.

CVE-2023-46805, CVE-2024-21887: Zero-Day Vulnerabilities Exploited in Ivanti Connect Secure and Policy Secure Gateways

Published: 2024-01-11

Two zero-day vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure have been exploited in the wild, with at least one attack attributed to nation-state actors.

References

https://www.theregister.com/2024/11/27/salt_typhoons_us_telcos/

https://www.darkreading.com/application-security/salt-typhoon-malware-arsenal-ghostspider

https://thehackernews.com/2024/11/chinese-hackers-use-ghostspider-malware.html

https://www.trendmicro.com/en_us/research/24/k/earth-estries.html

https://www.bleepingcomputer.com/news/security/salt-typhoon-hackers-backdoor-telcos-with-new-ghostspider-malware/

https://isc.sans.edu/diary/rss/31384

https://www.tenable.com/blog/cve-2024-7593-ivanti-virtual-traffic-manager-authentication-bypass-vulnerability

https://blog.talosintelligence.com/common-ransomware-actor-ttps-playbooks/

https://www.akamai.com/blog/security-research/2024-redtail-cryptominer-pan-os-cve-exploit

https://thehackernews.com/2024/05/mirai-botnet-exploits-ivanti-connect.html

https://securityaffairs.com/162811/hacking/mitre-security-breach-china.html

https://blogs.juniper.net/en-us/security/protecting-your-network-from-opportunistic-ivanti-pulse-secure-vulnerability-exploitation

https://services.google.com/fh/files/misc/m-trends-2024.pdf

https://www.mitre.org/news-insights/news-release/mitre-response-cyber-attack-one-its-rd-networks

https://unit42.paloaltonetworks.com/malware-initiated-scanning-attacks/

https://www.bleepingcomputer.com/news/security/new-ivanti-rce-flaw-may-impact-16-000-exposed-vpn-gateways/

https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement

https://www.bleepingcomputer.com/news/security/magnet-goblin-hackers-use-1-day-flaws-to-drop-custom-linux-malware/

https://research.checkpoint.com/2024/magnet-goblin-targets-publicly-facing-servers-using-1-day-vulnerabilities/

https://www.darkreading.com/vulnerabilities-threats/volt-typhoon-hits-multiple-electric-cos-expands-cyber-activity

https://hub.dragos.com/hubfs/116-Datasheets/Dragos_IntelBrief_VOLTZITE_FINAL.pdf

https://www.bleepingcomputer.com/news/security/newest-ivanti-ssrf-zero-day-now-under-mass-exploitation/

https://www.tenable.com/blog/cve-2023-46805-cve-2024-21887-cve-2024-21888-and-cve-2024-21893-frequently-asked-questions

https://www.infosecurity-magazine.com/news/rust-payloads-ivanti-zero-days/

https://www.cisa.gov/news-events/directives/ed-24-01-mitigate-ivanti-connect-secure-and-ivanti-policy-secure-vulnerabilities

https://www.volexity.com/blog/2024/01/18/ivanti-connect-secure-vpn-exploitation-new-observations/

https://meterpreter.org/mandiant-uncovers-unc5221-stealthy-hackers-bypass-vpn-defenses-with-malware-arsenal/

https://www.bleepingcomputer.com/news/security/ivanti-connect-secure-zero-days-now-under-mass-exploitation/

https://www.bleepingcomputer.com/news/security/ivanti-connect-secure-zero-days-exploited-to-deploy-custom-malware/

https://www.tenable.com/blog/cve-2023-46805-cve-2024-21887-zero-day-vulnerabilities-exploited-in-ivanti-connect-secure-and

https://www.bleepingcomputer.com/news/security/ivanti-warns-of-connect-secure-zero-days-exploited-in-attacks/

https://infosec.exchange/@[email protected]/111732557655576182

https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US

https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US

http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html

Details

Source: Mitre, NVD

Published: 2024-01-12

Updated: 2024-06-10

Risk Information

CVSS v2

Base Score: 8.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:P/A:N

Severity: High

CVSS v3

Base Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Severity: High

CVSS v4

Base Score: 9.2

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N

Severity: Critical