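I. CVE-2023-46805 Basic Information
Vulnerability Information
# N/A

## Vulnerability Overview
An authentication bypass vulnerability was found in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure. It allows a remote attacker to bypass control checks and access restricted resources.

## Affected Versions
- Ivanti ICS 9.x
- Ivanti ICS 22.x
- Ivanti Policy Secure

## Vulnerability Details
An attacker can bypass the authentication process and directly access restricted resources. This is mainly due to a flaw in the control-check mechanism of the web component.

## Vulnerability Impact
An attacker who successfully exploits this vulnerability can access protected data and resources, which may lead to security risks such as data leakage and unauthorized operations.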
                                        
Vulnerability Title
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Description
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
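Source: U.S. National Vulnerability Database (NVD)
CVSS Information
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Type
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Title
Ivanti ICS Authorization Issue Vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Description
Ivanti ICS is a secure remote access product from Ivanti, a U.S. company. Ivanti ICS 9.x, 22.x and Ivanti Policy Secure contain an authorization issue vulnerability that stems from an authentication bypass vulnerability in the web component. An attacker can exploit this vulnerability to bypass control checks and access restricted resources.
Source: China National Vulnerability Database of Information Security (CNNVD)
CVSS Information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Type
Authorization issue
Source: China National Vulnerability Database of Information Security (CNNVD)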
II. Public PoCs for CVE-2023-46805

| # | PoC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | Quick scanner for possible vulnerable Ivanti Connect Secure appliances by country using Shodan. | https://github.com/yoryio/CVE-2023-46805_CVE-2024-21887_Scanner | PoC details |
| 2 | Simple scanner for scanning a list of ip-addresses for vulnerable Ivanti Pulse Secure devices | https://github.com/cbeek-r7/CVE-2023-46805 | PoC details |
| 3 | Tool for checking the Ivanti Connect Secure System Snapshot for IOCs related to CVE-2023-46805 and CVE-2024-21887 | https://github.com/rxwx/pulse-meter | PoC details |
| 4 | None | https://github.com/duy-31/CVE-2023-46805_CVE-2024-21887 | PoC details |
| 5 | Here is a script to check vulns CVE-2023-46805 and CVE-2024-21887 | https://github.com/TheRedDevil1/Check-Vulns-Script | PoC details |
| 6 | The script in this repository only checks whether the vulnerabilities specified in the Ivanti Connect Secure product exist. | https://github.com/raminkarimkhani1996/CVE-2023-46805_CVE-2024-21887 | PoC details |
| 7 | CVE-2023-46805 scanner for possible vulnerable Ivanti Connect Secure appliances by country using Shodan. | https://github.com/yoryio/CVE-2023-46805 | PoC details |
| 8 | Mitigation validation utility for the Ivanti Connect Around attack chain, comprising CVE-2023-46805 and CVE-2024-21887. | https://github.com/seajaysec/Ivanti-Connect-Around-Scan | PoC details |
| 9 | Ivanti Pulse Secure CVE-2023-46805 Scanner - Based on Assetnote's Research | https://github.com/Chocapikk/CVE-2023-46805 | PoC details |
| 10 | None | https://github.com/mickdec/CVE-2023-46805_CVE-2024-21887_scan_grouped | PoC details |
| 11 | CVE-2023-46805 Ivanti POC RCE - Ultra fast scanner. | https://github.com/w2xim3/CVE-2023-46805 | PoC details |
| 12 | Ivanti ICS - Authentication Bypass | https://github.com/Cappricio-Securities/CVE-2023-46805 | PoC details |
| 13 | None | https://github.com/maybeheisenberg/CVE-2023-46805 | PoC details |
| 14 | A Python script for examining Ivanti Secure Connect (ICS) event logs, designed to support investigations into vulnerabilities CVE-2025-0282, CVE-2023-46805, and CVE-2024-21887. | https://github.com/Hexastrike/Ivanti-Secure-Connect-Logs-Parser | PoC details |
| 15 | A Python script for examining Ivanti Secure Connect (ICS) event logs, designed to support investigations into vulnerabilities CVE-2025-0282, CVE-2023-46805, and CVE-2024-21887. | https://github.com/Hexastrike/Ivanti-Connect-Secure-Logs-Parser | PoC details |
| 16 | An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-46805.yaml | PoC details |
III. Intelligence on CVE-2023-46805