Ivanti Secure Access, Broken Access Control, CVE-2023-46805 (Critical)


How the mentioned CVE works:

CVE-2023-46805 is an authentication bypass vulnerability in the web component of Ivanti Connect Secure and Ivanti Policy Secure gateways. The flaw lies in how the application handles requests to specific API endpoints. An unauthenticated, remote attacker can craft an HTTP request whose path contains a traversal sequence (../), for example /api/v1/totp/user-backup-code/../../, and thereby slip past the normal authentication checks to reach restricted administrator functionality directly. This allows the attacker to execute arbitrary commands on the underlying operating system with the highest privileges, effectively gaining full control of the appliance without valid credentials. The root cause is insufficient input sanitization: the traversal sequences are not neutralized before the request is processed by the backend service.
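To make the mechanism concrete, here is an added illustration (not Ivanti's code and not from the original post) of a hypothetical gateway whose authentication layer allow-lists public paths by raw prefix, beside the hardened check that resolves the path the same way the backend router does before consulting the allow-list. The allow-list, the admin prefix and the endpoint names are assumptions made for the demonstration.

```python
import posixpath
from urllib.parse import unquote

# Assumed for this illustration (not the Ivanti appliance's real routing table):
# paths a client may reach without a session, and the admin API prefix.
PUBLIC_PREFIXES = ("/api/v1/totp/user-backup-code", "/api/v1/login")
ADMIN_PREFIX = "/api/v1/admin"


def normalize(path: str) -> str:
    """Resolve the path the way the backend router will: percent-decode,
    then collapse '.' and '..' segments. A path that climbs above '/' is
    clamped to '/' rather than escaping the tree."""
    decoded = unquote(path)
    return posixpath.normpath("/" + decoded.lstrip("/"))


def _under(path: str, prefix: str) -> bool:
    # Segment-aware prefix test: '/api/v1/loginX' is not under '/api/v1/login'.
    return path == prefix or path.startswith(prefix + "/")


def vulnerable_is_public(raw_path: str) -> bool:
    # Broken check: inspects the raw request path, so
    # '/api/v1/totp/user-backup-code/../../admin/x' counts as public because it
    # begins with an allow-listed prefix; the '..' is only resolved later.
    return any(_under(raw_path, p) for p in PUBLIC_PREFIXES)


def hardened_is_public(raw_path: str) -> bool:
    # Fixed check: normalize first, with the same rules the router applies,
    # so the allow-list is evaluated against the path that will actually run.
    return any(_under(normalize(raw_path), p) for p in PUBLIC_PREFIXES)


def dispatch(raw_path: str, is_public) -> str:
    """Model of the request pipeline for an unauthenticated client: the auth
    layer consults `is_public`, then the router resolves '..' and dispatches."""
    if not is_public(raw_path):
        return "401 Unauthorized"
    resolved = normalize(raw_path)
    if _under(resolved, ADMIN_PREFIX):
        return "200 admin handler reached without a session"
    return "200 public handler"


if __name__ == "__main__":
    probe = "/api/v1/totp/user-backup-code/../../admin/system"
    print("raw-path check:   ", dispatch(probe, vulnerable_is_public))
    print("normalized check: ", dispatch(probe, hardened_is_public))
```

The same mismatch between the layer that authorizes and the layer that resolves is what a WAF rule or log search for ../ sequences in request paths is trying to catch from the outside.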

DailyCVE Form:

Platform: Ivanti Connect Secure
Version: 9.x, 22.x
Vulnerability: Authentication Bypass
Severity: Critical
Date: 2024-01-10

Prediction: Patch Available

What Undercode Says:

Shell:

curl -k "https://<target>/api/v1/totp/user-backup-code/../../<restricted-endpoint>"
nmap -p 443 --script http-vuln-cve2023-46805 <target>

Python:

import requests
response = requests.get('https://target/api/v1/configuration/../admin/system-commands', verify=False)

How the Exploit Works:

Craft a malicious GET request.

Include path traversal sequences in the request path.

Target the vulnerable API endpoints.

Bypass authentication completely.

Gain administrative access.

Protection from this CVE:

Apply vendor patches immediately.

Utilize Ivanti’s Integrity Checker.

Segment network access.

Implement a web application firewall.

Monitor for exploitation attempts.

Impact:

Full system compromise.

Arbitrary code execution.

Data exfiltration potential.

Persistence establishment.

Critical information disclosure.


Sources:

Reported By: github.com
Extra Source Hub:
Undercode
