Main Vulnerability Database Exploits ID:11911 - Exploit for Improper Authentication in Ivanti Connect Secure (formerly Pulse Connect Secure) and Ivanti Policy Secure (formerly Pulse Policy Secure) - CVE-2023-46805

ID:11911 - Exploit for Improper Authentication in Ivanti Connect Secure (formerly Pulse Connect Secure) and Ivanti Policy Secure (formerly Pulse Policy Secure) - CVE-2023-46805

Published: August 30, 2025

Vulnerability identifier: #VU85286

Vulnerability risk: Critical

CVE-ID: CVE-2023-46805

CWE-ID: CWE-287

Exploitation vector: Remote access

Vulnerable software:
Ivanti Connect Secure (formerly Pulse Connect Secure)
Ivanti Policy Secure (formerly Pulse Policy Secure)

Link to public exploit:

https://github.com/cbeek-r7/CVE-2023-46805

Vulnerability description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error when processing authentication requests. A remote attacker can bypass authentication process and gain unauthorized access to the application.

Note, the vulnerability is being actively exploited in the wild.

Remediation

Install update from vendor's website.

ID:11911 - Exploit for Improper Authentication in Ivanti Connect Secure (formerly Pulse Connect Secure) and Ivanti Policy Secure (formerly Pulse Policy Secure) - CVE-2023-46805

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human