Authentication Bypass in Ivanti Products Due to Insecure Inter-Process Communication
CVE-2022-44569

7.8HIGH

Key Information:

Vendor
Ivanti
Status
Automation
Vendor
CVE Published:
3 November 2023

Badges

πŸ‘Ύ Exploit Exists

Summary

A vulnerability exists that allows a locally authenticated attacker with low privileges to bypass authentication mechanisms due to insecure inter-process communication practices within Ivanti products. This can lead to unauthorized access and potential exploitation. It is critical for users to ensure they are using the latest versions of affected products to mitigate this risk.

Affected Version(s)

Automation 2023.4

References

https://help.ivanti.com/res/help/en_US/IA/2023/Admin/Cont...

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database0 Proof of Concept(s)
.