CRLF Injection Vulnerability in Ivanti Connect Secure Allows Cross-Site Scripting Attacks
CVE-2023-38551
What is CVE-2023-38551?
A CRLF injection vulnerability exists in Ivanti Connect Secure versions 9.x and 22.x, allowing an authenticated user with high privileges to insert malicious code into a victim's browser. This can lead to cross-site scripting (XSS) attacks, in which an attacker exploits users' trust by executing arbitrary scripts in their browsers. Organizations using these versions of Ivanti Connect Secure should take immediate steps to mitigate the risk associated with this vulnerability, ensuring their systems are secured against unauthorized access and potential exploitation.

Affected Version(s)
Connect Secure 22.7R2
Connect Secure 22.5R2.2
Connect Secure 9.1R18.6
References
CVSS V3.1
CVSS V3.0
Timeline
Vulnerability published
Vulnerability Reserved