Ivanti: >> Secure Access Client >> 22.3 Security Vulnerabilities
A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure.
CVSS Score
8.8
EPSS Score
0.006
Published
2023-11-15
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system.
CVSS Score
8.8
EPSS Score
0.003
Published
2023-11-15
A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system.
CVSS Score
7.8
EPSS Score
0.003
Published
2023-10-25
Page 2