CVE-2023-46805: Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability
First published: Wed Jan 10 2024(Updated: )
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
Credit: support@hackerone.com support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ivanti Connect Secure | ||
| Ivanti Pulse Connect Secure | =9.0 | |
| Ivanti Pulse Connect Secure | =9.1-r1 | |
| Ivanti Pulse Connect Secure | =9.1-r10 | |
| Ivanti Pulse Connect Secure | =9.1-r11 | |
| Ivanti Pulse Connect Secure | =9.1-r11.3 | |
| Ivanti Pulse Connect Secure | =9.1-r11.4 | |
| Ivanti Pulse Connect Secure | =9.1-r11.5 | |
| Ivanti Pulse Connect Secure | =9.1-r12 | |
| Ivanti Pulse Connect Secure | =9.1-r12.1 | |
| Ivanti Pulse Connect Secure | =9.1-r13 | |
| Ivanti Pulse Connect Secure | =9.1-r13.1 | |
| Ivanti Pulse Connect Secure | =9.1-r14 | |
| Ivanti Pulse Connect Secure | =9.1-r15 | |
| Ivanti Pulse Connect Secure | =9.1-r15.2 | |
| Ivanti Pulse Connect Secure | =9.1-r16 | |
| Ivanti Pulse Connect Secure | =9.1-r16.1 | |
| Ivanti Pulse Connect Secure | =9.1-r17 | |
| Ivanti Pulse Connect Secure | =9.1-r17.1 | |
| Ivanti Pulse Connect Secure | =9.1-r18 | |
| Ivanti Pulse Connect Secure | =9.1-r2 | |
| Ivanti Pulse Connect Secure | =9.1-r3 | |
| Ivanti Pulse Connect Secure | =9.1-r4 | |
| Ivanti Pulse Connect Secure | =9.1-r4.1 | |
| Ivanti Pulse Connect Secure | =9.1-r4.2 | |
| Ivanti Pulse Connect Secure | =9.1-r4.3 | |
| Ivanti Pulse Connect Secure | =9.1-r5 | |
| Ivanti Pulse Connect Secure | =9.1-r6 | |
| Ivanti Pulse Connect Secure | =9.1-r7 | |
| Ivanti Pulse Connect Secure | =9.1-r8 | |
| Ivanti Pulse Connect Secure | =9.1-r8.1 | |
| Ivanti Pulse Connect Secure | =9.1-r8.2 | |
| Ivanti Pulse Connect Secure | =9.1-r9 | |
| Ivanti Pulse Connect Secure | =9.1-r9.1 | |
| Ivanti Pulse Connect Secure | =22.1-r1 | |
| Ivanti Pulse Connect Secure | =22.1-r6 | |
| Ivanti Pulse Connect Secure | =22.2 | |
| Ivanti Pulse Connect Secure | =22.2-r1 | |
| Ivanti Pulse Connect Secure | =22.3-r1 | |
| Ivanti Pulse Connect Secure | =22.4-r1 | |
| Ivanti Pulse Connect Secure | =22.4-r2.1 | |
| Ivanti Pulse Connect Secure | =22.5-r2.1 | |
| Ivanti Pulse Connect Secure | =22.6 | |
| Ivanti Pulse Connect Secure | =22.6-r1 | |
| Ivanti Pulse Connect Secure | =22.6-r2 | |
| Pulse Policy Secure | =9.0 | |
| Pulse Policy Secure | =9.1-r1 | |
| Pulse Policy Secure | =9.1-r10 | |
| Pulse Policy Secure | =9.1-r11 | |
| Pulse Policy Secure | =9.1-r12 | |
| Pulse Policy Secure | =9.1-r13 | |
| Pulse Policy Secure | =9.1-r13.1 | |
| Pulse Policy Secure | =9.1-r14 | |
| Pulse Policy Secure | =9.1-r15 | |
| Pulse Policy Secure | =9.1-r16 | |
| Pulse Policy Secure | =9.1-r17 | |
| Pulse Policy Secure | =9.1-r18 | |
| Pulse Policy Secure | =9.1-r2 | |
| Pulse Policy Secure | =9.1-r3 | |
| Pulse Policy Secure | =9.1-r3.1 | |
| Pulse Policy Secure | =9.1-r4 | |
| Pulse Policy Secure | =9.1-r4.1 | |
| Pulse Policy Secure | =9.1-r4.2 | |
| Pulse Policy Secure | =9.1-r5 | |
| Pulse Policy Secure | =9.1-r6 | |
| Pulse Policy Secure | =9.1-r7 | |
| Pulse Policy Secure | =9.1-r8 | |
| Pulse Policy Secure | =9.1-r8.1 | |
| Pulse Policy Secure | =9.1-r8.2 | |
| Pulse Policy Secure | =9.1-r9 | |
| Pulse Policy Secure | =22.1-r1 | |
| Pulse Policy Secure | =22.1-r6 | |
| Pulse Policy Secure | =22.2-r1 | |
| Pulse Policy Secure | =22.2-r3 | |
| Pulse Policy Secure | =22.3-r1 | |
| Pulse Policy Secure | =22.3-r3 | |
| Pulse Policy Secure | =22.4-r1 | |
| Pulse Policy Secure | =22.4-r2 | |
| Pulse Policy Secure | =22.4-r2.1 | |
| Pulse Policy Secure | =22.5-r1 | |
| Pulse Policy Secure | =22.5-r2.1 | |
| Pulse Policy Secure | =22.6-r1 |
Remedy
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.bleepingcomputer.com/news/security/cisa-critical-ivanti-auth-bypass-bug-now-actively-exploited/
- https://www.bleepingcomputer.com/news/security/cisa-emergency-directive-mitigate-ivanti-zero-days-immediately/
- https://www.bleepingcomputer.com/news/security/ivanti-connect-secure-zero-days-now-under-mass-exploitation/
- https://www.theregister.com/2024/01/13/ivanti_zeroday_mandiant_analysis/
- https://www.bleepingcomputer.com/news/security/ivanti-vpn-appliances-vulnerable-if-pushing-configs-after-mitigation/
- https://www.bleepingcomputer.com/news/security/ivanti-warns-of-new-connect-secure-zero-day-exploited-in-attacks/
- https://www.bleepingcomputer.com/news/security/cisa-orders-federal-agencies-to-disconnect-ivanti-vpn-appliances-by-saturday/
- https://www.bleepingcomputer.com/news/security/newest-ivanti-ssrf-zero-day-now-under-mass-exploitation/
- https://www.theregister.com/2024/02/05/ivanti_zero_day/
- https://www.bleepingcomputer.com/news/security/ivanti-patch-new-connect-secure-auth-bypass-bug-immediately/
- https://www.bleepingcomputer.com/news/security/over-13-000-ivanti-gateways-vulnerable-to-actively-exploited-bugs/
- https://www.bleepingcomputer.com/news/security/cisa-warns-against-using-hacked-ivanti-devices-even-after-factory-resets/
- https://www.bleepingcomputer.com/news/security/cisa-cautions-against-using-hacked-ivanti-vpn-gateways-even-after-factory-resets/
- https://www.bleepingcomputer.com/news/security/magnet-goblin-hackers-use-1-day-flaws-to-drop-custom-linux-malware/
- https://www.bleepingcomputer.com/news/security/ivanti-fixes-critical-standalone-sentry-bug-reported-by-nato/
- https://www.bleepingcomputer.com/news/security/ivanti-fixes-vpn-gateway-vulnerability-allowing-rce-dos-attacks/
- https://www.theregister.com/2024/04/04/ivanti_secure_by_design/
- https://www.bleepingcomputer.com/news/security/new-ivanti-rce-flaw-may-impact-16-000-exposed-vpn-gateways/
- https://www.bleepingcomputer.com/news/security/mitre-says-state-hackers-breached-its-network-via-ivanti-zero-days/
- https://www.bleepingcomputer.com/news/security/chemical-facilities-warned-of-possible-data-theft-in-cisa-csat-breach/
- https://www.theregister.com/2024/06/25/cisa_ivanti_chemical_facilities/
- https://www.bleepingcomputer.com/news/security/ivanti-warns-of-critical-vtm-auth-bypass-with-public-exploit/
- https://www.bleepingcomputer.com/news/security/ivanti-fixes-maximum-severity-rce-bug-in-endpoint-management-software/
- https://www.theregister.com/2024/11/27/salt_typhoons_us_telcos/
- https://www.theregister.com/2025/01/23/proxylogon_flaw_salt_typhoons_open/
- https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
- http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html
- https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
- https://nvd.nist.gov/vuln/detail/CVE-2023-46805
- https://www.bleepingcomputer.com/news/security/ivanti-patches-connect-secure-zero-day-exploited-since-mid-march/
- https://www.theregister.com/2025/04/03/suspected_chines_snoops_hijacked_buggy/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the severity of CVE-2023-46805?
CVE-2023-46805 is rated as critical due to its potential for authentication bypass, allowing unrestricted access to sensitive information.
What versions are affected by CVE-2023-46805?
CVE-2023-46805 affects Ivanti Connect Secure and Ivanti Policy Secure versions 9.x and 22.x.
How do I fix CVE-2023-46805?
To remediate CVE-2023-46805, users should upgrade to the latest patched versions of Ivanti Connect Secure and Ivanti Policy Secure.
What type of vulnerability is CVE-2023-46805?
CVE-2023-46805 is an authentication bypass vulnerability in the web component of Ivanti's software.
Who can exploit CVE-2023-46805?
CVE-2023-46805 can be exploited by remote attackers without requiring authentication, making it particularly dangerous.
- agent/first-publish-date
- agent/remedy
- agent/title
- agent/type
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2023-35082
- alias/CVE-2023-46805
- alias/CVE-2024-21887
- alias/CVE-2021-22893
- alias/CVE-2023-35078
- alias/CVE-2023-35081
- alias/CVE-2023-38035
- agent/description
- collector/the-register
- source/The Register
- alias/CVE-2024-21893
- alias/CVE-2024-21888
- alias/CVE-2024-22024
- alias/CVE-2023-41265
- alias/CVE-2023-41266
- alias/CVE-2023-48365
- alias/CVE-2022-24086
- agent/severity
- alias/CVE-2023-41724
- alias/CVE-2023-46808
- alias/CVE-2024-21894
- alias/CVE-2024-7593
- alias/CVE-2024-7569
- agent/author
- alias/CVE-2024-29847
- alias/CVE-2023-39336
- alias/CVE-2023-48788
- alias/CVE-2022-3236
- alias/CVE-2021-26855
- alias/CVE-2021-26857
- alias/CVE-2021-26858
- alias/CVE-2021-27065
- agent/source
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- collector/nvd-cve
- agent/softwarecombine
- alias/CVE-2025-22457
- alias/CVE-2025-0282
- agent/references
- agent/weakness
- agent/tags
- agent/event
- agent/trending
- alias/CVE-2023-4966
- agent/news-ai
- vendor/ivanti
- canonical/ivanti connect secure
- canonical/ivanti pulse connect secure
- version/ivanti pulse connect secure/9.0
- version/ivanti pulse connect secure/9.1-r1
- version/ivanti pulse connect secure/9.1-r10
- version/ivanti pulse connect secure/9.1-r11
- version/ivanti pulse connect secure/9.1-r11.3
- version/ivanti pulse connect secure/9.1-r11.4
- version/ivanti pulse connect secure/9.1-r11.5
- version/ivanti pulse connect secure/9.1-r12
- version/ivanti pulse connect secure/9.1-r12.1
- version/ivanti pulse connect secure/9.1-r13
- version/ivanti pulse connect secure/9.1-r13.1
- version/ivanti pulse connect secure/9.1-r14
- version/ivanti pulse connect secure/9.1-r15
- version/ivanti pulse connect secure/9.1-r15.2
- version/ivanti pulse connect secure/9.1-r16
- version/ivanti pulse connect secure/9.1-r16.1
- version/ivanti pulse connect secure/9.1-r17
- version/ivanti pulse connect secure/9.1-r17.1
- version/ivanti pulse connect secure/9.1-r18
- version/ivanti pulse connect secure/9.1-r2
- version/ivanti pulse connect secure/9.1-r3
- version/ivanti pulse connect secure/9.1-r4
- version/ivanti pulse connect secure/9.1-r4.1
- version/ivanti pulse connect secure/9.1-r4.2
- version/ivanti pulse connect secure/9.1-r4.3
- version/ivanti pulse connect secure/9.1-r5
- version/ivanti pulse connect secure/9.1-r6
- version/ivanti pulse connect secure/9.1-r7
- version/ivanti pulse connect secure/9.1-r8
- version/ivanti pulse connect secure/9.1-r8.1
- version/ivanti pulse connect secure/9.1-r8.2
- version/ivanti pulse connect secure/9.1-r9
- version/ivanti pulse connect secure/9.1-r9.1
- version/ivanti pulse connect secure/22.1-r1
- version/ivanti pulse connect secure/22.1-r6
- version/ivanti pulse connect secure/22.2
- version/ivanti pulse connect secure/22.2-r1
- version/ivanti pulse connect secure/22.3-r1
- version/ivanti pulse connect secure/22.4-r1
- version/ivanti pulse connect secure/22.4-r2.1
- version/ivanti pulse connect secure/22.5-r2.1
- version/ivanti pulse connect secure/22.6
- version/ivanti pulse connect secure/22.6-r1
- version/ivanti pulse connect secure/22.6-r2
- canonical/pulse policy secure
- version/pulse policy secure/9.0
- version/pulse policy secure/9.1-r1
- version/pulse policy secure/9.1-r10
- version/pulse policy secure/9.1-r11
- version/pulse policy secure/9.1-r12
- version/pulse policy secure/9.1-r13
- version/pulse policy secure/9.1-r13.1
- version/pulse policy secure/9.1-r14
- version/pulse policy secure/9.1-r15
- version/pulse policy secure/9.1-r16
- version/pulse policy secure/9.1-r17
- version/pulse policy secure/9.1-r18
- version/pulse policy secure/9.1-r2
- version/pulse policy secure/9.1-r3
- version/pulse policy secure/9.1-r3.1
- version/pulse policy secure/9.1-r4
- version/pulse policy secure/9.1-r4.1
- version/pulse policy secure/9.1-r4.2
- version/pulse policy secure/9.1-r5
- version/pulse policy secure/9.1-r6
- version/pulse policy secure/9.1-r7
- version/pulse policy secure/9.1-r8
- version/pulse policy secure/9.1-r8.1
- version/pulse policy secure/9.1-r8.2
- version/pulse policy secure/9.1-r9
- version/pulse policy secure/22.1-r1
- version/pulse policy secure/22.1-r6
- version/pulse policy secure/22.2-r1
- version/pulse policy secure/22.2-r3
- version/pulse policy secure/22.3-r1
- version/pulse policy secure/22.3-r3
- version/pulse policy secure/22.4-r1
- version/pulse policy secure/22.4-r2
- version/pulse policy secure/22.4-r2.1
- version/pulse policy secure/22.5-r1
- version/pulse policy secure/22.5-r2.1
- version/pulse policy secure/22.6-r1