CVE-2023-46805 added to CISA KEV: Ivanti Connect Secure and Policy Secure
Status: ✅ Confirmed exploited in the wild
Date added: 2024-01-10
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Due date: 2024-01-22
Why this matters
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the web component that allows an attacker to access restricted resources by bypassing control checks. This vulnerability can be leveraged in conjunction with CVE-2024-21887, a command injection vulnerability.
Sources
Lyrie Verdict
Lyrie's autonomous detection layer catches active exploitation primitives at machine speed — closing the gap between disclosure and weaponization that traditional defense simply can't cover.