CVE-2023-41719
HIGHIvanti Connect Secure < 22.6R2 - Remote Code Execution via Administrator Impersonation
Title source: llmDescription
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution.
References (1)
Core 1
Core References
Release Notes, Vendor Advisory
https://forums.ivanti.com/s/article/Security-patch-release-Ivanti-Connect-Secure-22-6R2-and-22-6R2-1?language=en_US
Scores
CVSS v3
7.2
EPSS
0.0315
EPSS Percentile
87.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (9)
ivanti/connect_secure
21.9 r1
ivanti/connect_secure
21.12 r1
ivanti/connect_secure
22.1 r1 (2 CPE variants)
ivanti/connect_secure
22.2 r1
ivanti/connect_secure
22.3 r1
ivanti/connect_secure
22.4 r1
ivanti/connect_secure
22.5 r1.1 (2 CPE variants)
ivanti/connect_secure
22.6 (2 CPE variants)
ivanti/connect_secure
9.1 r1 (39 CPE variants)
Published
Dec 14, 2023
Tracked Since
Feb 18, 2026