CVE-2023-46805

CVE Database · CVE-2023-46805

CVE-2023-46805

· HIGHAnalyzed

CVSS v3.1

8.2

EPSS

99.99%

Published

Jan 12, 2024

Modified

Oct 31, 2025

CISA Known Exploited Vulnerability

Added: 2024-01-10 · Due: 2024-01-22

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Public PoC / Exploit (10)

All weaponized →

NucleiNuclei detection template TrickestTrickest PoC index GitHub PoCduy-31/CVE-2023-46805_CVE-2024-21887★23 GitHub PoCChocapikk/CVE-2023-46805★13 GitHub PoCseajaysec/Ivanti-Connect-Around-Scan★12 GitHub PoCyoryio/CVE-2023-46805★10 GitHub PoCcbeek-r7/CVE-2023-46805★5 GitHub PoCraminkarimkhani1996/CVE-2023-46805_CVE-2024-21887★5 GitHub PoCHexastrike/Ivanti-Connect-Secure-Logs-Parser★5 GitHub PoCw2xim3/CVE-2023-46805★2

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Weaknesses (CWE)

CWE-287

Affected Products (81)

ivanti · connect_securevulnerable

References (5)

http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html

ExploitThird Party AdvisoryVDB Entry

https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US

Vendor Advisory

http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html

ExploitThird Party AdvisoryVDB Entry

https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs