PatchSiren cyber security CVE debrief
CVE-2023-46805 Ivanti CVE debrief
CVE-2023-46805 is an Ivanti Connect Secure and Policy Secure authentication bypass that CISA lists in the Known Exploited Vulnerabilities catalog. The KEV entry marks it as known exploited and notes known ransomware campaign use, so defenders should treat it as an active, high-priority issue.
- Vendor
- Ivanti
- Product
- Connect Secure and Policy Secure
- CVSS
- Unknown
- CISA KEV
- Listed
- Original CVE published
- 2024-01-10
- Original CVE updated
- 2024-01-10
- Advisory published
- 2024-01-10
- Advisory updated
- 2024-01-10
Who should care
Security teams responsible for Ivanti Connect Secure and Policy Secure gateways, especially internet-facing deployments, should prioritize this CVE. Incident response, vulnerability management, and network operations teams should also pay attention because CISA identifies the issue as known exploited.
Technical summary
According to the supplied CISA KEV metadata and official CVE/NVD records, CVE-2023-46805 is an authentication bypass vulnerability in Ivanti Connect Secure and Policy Secure. CISA added it to the KEV catalog on 2024-01-10 and marked it as known exploited, with known ransomware campaign use. The supplied corpus does not include exploit mechanics or vendor remediation specifics beyond applying mitigations per vendor instructions or discontinuing use if mitigations are unavailable.
Defensive priority
Immediate. CISA KEV inclusion and known ransomware campaign use indicate this issue should be treated as a top-priority remediation item for exposed Ivanti deployments.
Recommended defensive actions
- Apply mitigations according to Ivanti's vendor guidance as soon as possible.
- If mitigations are unavailable or cannot be implemented quickly, discontinue use of the affected product as CISA recommends.
- Validate whether any exposed Ivanti Connect Secure or Policy Secure instances are internet-facing and prioritize them first.
- Review official vendor and NVD records for current status, updates, and any linked remediation guidance.
- Increase monitoring for authentication anomalies and other signs of unauthorized access on affected appliances.
Evidence notes
This debrief is based on the supplied CISA KEV entry dated 2024-01-10, which identifies CVE-2023-46805 as a known exploited authentication bypass affecting Ivanti Connect Secure and Policy Secure and notes known ransomware campaign use. Timing context uses the provided CVE published date and KEV date added date only. No exploit details or unsupported mitigation steps are included.
Official resources
-
CVE-2023-46805 CVE record
CVE.org
-
CVE-2023-46805 NVD detail
NVD
-
CISA Known Exploited Vulnerabilities catalog
CISA - Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
-
Source item URL
cisa_kev
Prepared from the supplied CISA KEV metadata and official vulnerability record links only. No exploit instructions, proof-of-concept content, or unsupported vendor-specific remediation claims are included.