攻击者可构造恶意请求绕过身份认证,结合相关功能造成远程代码执行。
CVE-2023-46805:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46805
官方公告:https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
22.1 <= ivanti connect_secure <= 22.6 9.0 <= ivanti connect_secure <= 9.1 22.1 <= ivanti policy_secure <= 22.6 9.0 <= ivanti policy_secure <= 9.1
ivanti connect_secure > 22.6 ivanti policy_secure > 22.6
扫一扫订阅