top of page

Ivanti ICS and Ivanti Policy Secure Security Bypass (CVE-2023-46805)

Application Details

Ivanti Connect Secure (ICS) is a secure access product which offers secure connection between remote users and their organisation’s wider network.

Ivanti Policy Secure (IPS) is a network access control (NAC) solution which provides network access only to authorised and secured users and devices.


Ivanti Connect Secure (formerly Pulse Secure) and Ivanti Policy Secure gateways could allow a remote attacker to bypass security restrictions, caused by an authentication bypass vulnerability in the web component.


By bypassing control checks, an attacker could exploit this vulnerability to access restricted resources.

GET /api/v1/totp/user-backup-code/../../system/system-information


By turning this into a traffic file and matching rule, we are able to detect attempts by unauthenticated attackers to bypass security restrictions.


Idappcom has created signature 8024541 along with a traffic file for this vulnerability.


Traffic IQ

If you are concerned that your business may be at risk of this vulnerability, or others, why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here:


bottom of page