CVE-2023-38043
8.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Ivanti | Secure Access Client Windows | 22.6R1.1 < 22.6R1.1 | affected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release
- https://northwave-cybersecurity.com/vulnerability-notice/arbitrary-kernel-function-call-in-ivanti-secure-access-client
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release
- https://northwave-cybersecurity.com/vulnerability-notice/arbitrary-kernel-function-call-in-ivanti-secure-access-client
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.