CVE-2023-41719

Опубликовано: 14 дек. 2023

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution.

Ссылки

https://forums.ivanti.com/s/article/Security-patch-release-Ivanti-Connect-Secure-22-6R2-and-22-6R2-1?language=en_US
Release Notes
Vendor Advisory
https://forums.ivanti.com/s/article/Security-patch-release-Ivanti-Connect-Secure-22-6R2-and-22-6R2-1?language=en_US
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ivanti:connect_secure:21.9:r1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:21.12:r1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:22.1:r1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:22.1:r6:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:22.2:r1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:22.3:r1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:22.4:r1:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:ivanti:connect_secure:22.5:r1.1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:22.5:r2.1:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:ivanti:connect_secure:22.6:-:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:22.6:r1:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r10:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r10.2:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r11:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r11.1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r11.5:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r12:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r12.1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r12.2:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r13:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r13.1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r14:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r14.4:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r15.2:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r16:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r16.1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r17:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r17.1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r17.2:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r18:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r18.1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r18.2:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r18.3:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r8.4:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r9:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r9.1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r9.2:*:*:*:*:*:*

EPSS

Процентиль: 87%

0.03146

Низкий

7.2 High

CVSS3

7.2 High

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-9c65-wx34-mg83

CVSS3: 7.2

github

около 2 лет назад

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution.

EPSS

Процентиль: 87%

0.03146

Низкий

7.2 High

CVSS3

7.2 High

CVSS3

Дефекты

NVD-CWE-noinfo