Denial of Service Vulnerability in Ivanti Secure Access Client
CVE-2023-38543

8.8HIGH

Key Information:

Vendor: Ivanti
Status: Secure Access Client Windows
Vendor: CVE Published:; 15 November 2023

Summary

The Ivanti Secure Access Client is vulnerable to a configuration issue that allows an authenticated local attacker to trigger a denial of service condition. This vulnerability impacts all versions prior to 22.6R1.1, potentially disrupting the functionality of the user’s machine. It's essential for users to upgrade to the latest version to mitigate this security risk.

Affected Version(s)

Secure Access Client Windows 22.6R1.1

References

https://forums.ivanti.com/s/article/Security-fixes-includ...

https://northwave-cybersecurity.com/vulnerability-notice/...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Nov 15, 2023
Vulnerability Reserved
Jul 20, 2023