What is CVE-2023-46805?

CVE-2023-46805 is a high-severity authentication bypass vulnerability affecting Ivanti Connect Secure and Policy Secure. Attackers can exploit this flaw to access restricted resources without proper authentication. Organizations must prioritize remediation to mitigate risks associated with this vulnerability.

What is the severity of CVE-2023-46805?

CVE-2023-46805 has a severity rating of HIGH with a CVSS base score of 8.2.

CVE-2023-46805 | High Vulnerability in Ivanti Connect Secure and Policy Secure

Q: Is CVE-2023-46805 in CISA KEV?

Yes. CVE-2023-46805 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Organizations should prioritize remediation.

CVE-2023-46805 is a high-severity authentication bypass vulnerability in the web component of Ivanti Connect Secure (ICS) versions 9.x and 22.x, as well as Ivanti Policy Secure. This vulnerability allows a remote attacker to access restricted resources by bypassing control checks, posing significant security risks to organizations using these products. The Common Vulnerability Scoring System (CVSS) score of 8.2 indicates a high level of severity, highlighting the importance of immediate action. Organizations should prioritize patching immediately to mitigate the risks associated with this vulnerability.

The potential risk to organizations includes unauthorized access to sensitive information and resources. Given the nature of the vulnerability, attackers may exploit it to gain control over critical components of an organization's infrastructure. The urgency for defenders is heightened, especially considering the existence of known ransomware campaigns that leverage this vulnerability. Organizations must act swiftly to protect their environments and limit the potential impact of exploitation.

Based on the threat intelligence gathered, this vulnerability is actively exploited in the wild, as indicated by its inclusion in the Known Exploited Vulnerabilities (KEV) catalog. Organizations using Ivanti products should be aware of the possibility of exploitation and take appropriate measures to secure their systems.

In summary, CVE-2023-46805 represents a critical vulnerability that requires immediate attention from organizations utilizing Ivanti ICS and Policy Secure products. The combination of its high CVSS score, active exploitation, and potential impact underscores the necessity for timely remediation efforts.

Vulnerability Details

CVE-2023-46805 is characterized as an authentication bypass vulnerability. The official description states that it allows a remote attacker to access restricted resources by bypassing control checks. The CVSS score of 8.2 categorizes it as high severity, indicating a significant risk for affected systems. The vulnerability impacts Ivanti Connect Secure versions 9.x and 22.x, as well as Ivanti Policy Secure. The vulnerability was published on January 12, 2024, and is classified under CWE-287.

Technical Analysis

The root cause of CVE-2023-46805 lies in the improper implementation of authentication controls within the web components of Ivanti Connect Secure and Policy Secure. Attackers can exploit this vulnerability over a network, as the attack vector is classified as network-based. The attack complexity is low, requiring no special privileges or user interaction, making it easier for attackers to exploit.

The confidentiality impact is rated as high, as unauthorized access may expose sensitive data. The integrity impact is low, while there is no availability impact. Organizations using affected versions should prioritize monitoring and securing their systems against potential exploitation.

Risk & Impact Analysis

Organizations using Ivanti products must understand the real-world risks associated with CVE-2023-46805. The vulnerability allows attackers to bypass authentication mechanisms, which could lead to unauthorized access to critical resources. The urgency of addressing this vulnerability is underscored by its inclusion in the KEV catalog, indicating ongoing exploitation in the wild. Organizations should prioritize patching immediately to mitigate these risks, especially those managing sensitive data or critical infrastructure.

The potential blast radius of this vulnerability is significant, as it affects various versions of Ivanti Connect Secure and Policy Secure. Organizations must assess their deployments and implement necessary mitigations to prevent unauthorized access and potential data breaches.

Exploitation Status

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	Yes
Ransomware Use	Yes

Affected Versions

The vulnerability affects several versions of Ivanti Connect Secure and Ivanti Policy Secure, including various releases within the 9.x and 22.x series. Organizations should refer to the specific CPE entries in the CVE details to identify affected versions accurately. If version information is missing, organizations should consider all versions prior to vendor patch.

Mitigation & Remediation

Organizations should apply the vendor's patch as soon as it becomes available. For those unable to apply the patch immediately, it is recommended to implement strict network controls to limit access to the affected systems. Regular monitoring and validation of systems can also help in identifying any unauthorized access attempts. Additionally, organizations may benefit from engaging in penetration testing to assess the effectiveness of their mitigations.

Detection Guidance

Monitoring for unusual authentication attempts and access patterns can help in identifying potential exploitation of this vulnerability. Organizations should review system logs for anomalies that could indicate unauthorized access or exploitation attempts. Additionally, implementing alerts for failed authentication attempts can assist in early detection of exploitation.

AppSecure Threat Intelligence Insight

CVE-2023-46805 exemplifies the critical nature of maintaining robust authentication controls within web applications. The ongoing exploitation of this vulnerability serves as a reminder of the importance of proactive security measures in application deployment. Organizations must remain vigilant and invest in comprehensive security assessments to identify and remediate vulnerabilities before they are exploited.

The lessons learned from this vulnerability highlight the need for continuous monitoring and refinement of security practices. Engaging in penetration testing methodologies can provide organizations with insights into their security posture and readiness against similar vulnerabilities.

Furthermore, the integration of threat intelligence into security operations can enhance an organization's ability to respond to emerging threats. Staying informed about vulnerabilities such as CVE-2023-46805 enables organizations to implement timely mitigations and reduce their exposure to risks.

In conclusion, CVE-2023-46805 represents a significant security risk that necessitates immediate attention and action from affected organizations. By prioritizing patching and incorporating robust security practices, organizations can mitigate the risks associated with this vulnerability.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2023-46805: High Vulnerability in Ivanti Connect Secure and Policy Secure