Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-41720

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting a vulnerable installed application. This vulnerability allows the attacker to gain elevated execution privileges on the affected system.

Published

2023-12-14T02:15:12.670

Last Modified

2024-11-21T08:21:32.593

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ivanti	connect_secure	22.1	Yes
Application	ivanti	connect_secure	22.1	Yes
Application	ivanti	connect_secure	22.2	Yes
Application	ivanti	connect_secure	22.2	Yes
Application	ivanti	connect_secure	22.3	Yes
Application	ivanti	connect_secure	22.4	Yes
Application	ivanti	connect_secure	22.4	Yes
Application	ivanti	connect_secure	22.4	Yes
Application	ivanti	connect_secure	22.5	Yes
Application	ivanti	connect_secure	22.5	Yes
Application	ivanti	connect_secure	22.6	Yes
Application	ivanti	connect_secure	22.6	Yes

References

https://forums.ivanti.com/s/article/Security-patch-release-Ivanti-Connect-Secure-22-6R2-and-22-6R2-1?language=en_US Release Notes ([email protected])
https://forums.ivanti.com/s/article/Security-patch-release-Ivanti-Connect-Secure-22-6R2-and-22-6R2-1?language=en_US Release Notes (af854a3a-2127-422b-91ae-364da2661108)