cve/2023/CVE-2023-46805.md

### [CVE-2023-46805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46805)
![](https://img.shields.io/static/v1?label=Product&message=ICS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=IPS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=9.1R18%3C%3D%209.1R18%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

### POC

#### Reference
- http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html

#### Github
- https://github.com/20142995/sectool
- https://github.com/Cappricio-Securities/CVE-2023-46805
- https://github.com/Chocapikk/CVE-2023-46805
- https://github.com/H4lo/awesome-IoT-security-article
- https://github.com/HiS3/Ivanti-ICT-Snapshot-decryption
- https://github.com/Ostorlab/KEV
- https://github.com/TheRedDevil1/Check-Vulns-Script
- https://github.com/cbeek-r7/CVE-2023-46805
- https://github.com/duy-31/CVE-2023-46805_CVE-2024-21887
- https://github.com/emo-crab/attackerkb-api-rs
- https://github.com/farukokutan/Threat-Intelligence-Research-Reports
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/inguardians/ivanti-VPN-issues-2024-research
- https://github.com/jake-44/Research
- https://github.com/jamesfed/0DayMitigations
- https://github.com/jaredfolkins/5min-cyber-notes
- https://github.com/mickdec/CVE-2023-46805_CVE-2024-21887_scan_grouped
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/raminkarimkhani1996/CVE-2023-46805_CVE-2024-21887
- https://github.com/rxwx/pulse-meter
- https://github.com/seajaysec/Ivanti-Connect-Around-Scan
- https://github.com/stephen-murcott/Ivanti-ICT-Snapshot-decryption
- https://github.com/tanjiti/sec_profile
- https://github.com/toxyl/lscve
- https://github.com/w2xim3/CVE-2023-46805
- https://github.com/yoryio/CVE-2023-46805
- https://github.com/zwxxb/CVE-2023-21887
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-46805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46805)`
			`![](https://img.shields.io/static/v1?label=Product&message=ICS&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=IPS&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=9.1R18%3C%3D%209.1R18%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.`

			`### POC`

			`#### Reference`
			`- http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html`

			`#### Github`
			`- https://github.com/20142995/sectool`
Update CVE sources 2024-06-10 07:22 2024-06-10 07:22:43 +00:00			`- https://github.com/Cappricio-Securities/CVE-2023-46805`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/Chocapikk/CVE-2023-46805`
			`- https://github.com/H4lo/awesome-IoT-security-article`
			`- https://github.com/HiS3/Ivanti-ICT-Snapshot-decryption`
			`- https://github.com/Ostorlab/KEV`
			`- https://github.com/TheRedDevil1/Check-Vulns-Script`
			`- https://github.com/cbeek-r7/CVE-2023-46805`
			`- https://github.com/duy-31/CVE-2023-46805_CVE-2024-21887`
			`- https://github.com/emo-crab/attackerkb-api-rs`
			`- https://github.com/farukokutan/Threat-Intelligence-Research-Reports`
			`- https://github.com/fkie-cad/nvd-json-data-feeds`
			`- https://github.com/inguardians/ivanti-VPN-issues-2024-research`
			`- https://github.com/jake-44/Research`
Update CVE sources 2024-05-28 08:49 2024-05-28 08:49:17 +00:00			`- https://github.com/jamesfed/0DayMitigations`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/jaredfolkins/5min-cyber-notes`
			`- https://github.com/mickdec/CVE-2023-46805_CVE-2024-21887_scan_grouped`
			`- https://github.com/nomi-sec/PoC-in-GitHub`
			`- https://github.com/raminkarimkhani1996/CVE-2023-46805_CVE-2024-21887`
			`- https://github.com/rxwx/pulse-meter`
			`- https://github.com/seajaysec/Ivanti-Connect-Around-Scan`
			`- https://github.com/stephen-murcott/Ivanti-ICT-Snapshot-decryption`
			`- https://github.com/tanjiti/sec_profile`
Update CVE sources 2024-05-28 08:49 2024-05-28 08:49:17 +00:00			`- https://github.com/toxyl/lscve`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/w2xim3/CVE-2023-46805`
			`- https://github.com/yoryio/CVE-2023-46805`
			`- https://github.com/zwxxb/CVE-2023-21887`