CVE-2023-41720

Published: Dec 14, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting a vulnerable installed application. This vulnerability allows the attacker to gain elevated execution privileges on the affected system.

Affected (12)

Products: Ivanti: Connect Secure

Ivanti

1 product

Connect Secure

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Ivanti Connect Secure	Version 22.1 r1
Ivanti Connect Secure	Version 22.1 r6
Ivanti Connect Secure	Version 22.2
Ivanti Connect Secure	Version 22.2 r1
Ivanti Connect Secure	Version 22.3 r1
Ivanti Connect Secure	Version 22.4 r1
Ivanti Connect Secure	Version 22.4 r2.1
Ivanti Connect Secure	Version 22.4 r2.2
Ivanti Connect Secure	Version 22.5 r1.1
Ivanti Connect Secure	Version 22.5 r2.1

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Ivanti Connect Secure	Version 22.6
Ivanti Connect Secure	Version 22.6 r1

References (2)

https://forums.ivanti.com/s/article/Security-patch-release-Ivanti-Connect-Secure-22-6R2-and-22-6R2-1?language=en_US

Source: support@hackerone.com

Release Notes

https://forums.ivanti.com/s/article/Security-patch-release-Ivanti-Connect-Secure-22-6R2-and-22-6R2-1?language=en_US

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

Timeline

No history available yet.