.. / CVE-2023-46805

Exploit for Ivanti ICS - Authentication Bypass (CVE-2023-46805)

Description:

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

Nuclei Template

View the template here CVE-2023-46805.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-46805.yaml
Copy

References:

https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
https://github.com/inguardians/ivanti-VPN-issues-2024-research
http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html
https://github.com/H4lo/awesome-IoT-security-article
https://nvd.nist.gov/vuln/detail/CVE-2023-46805