https://www.bleepingcomputer.com/news/security/ivanti-warns-of-connect-secure-zero-days-exploited-in-attacks/ > Ivanti has disclosed two Connect Secure (ICS) and Policy Secure zero-days exploited in the wild that can let remote attackers execute arbitrary commands on targeted gateways. > The first security flaw (CVE-2023-46805) is an authentication bypass in the gateways' web component, enabling attackers to access restricted resources by circumventing control checks.