Insufficient Permission Vulnerability in Ivanti Secure Access Client
CVE-2024-13813

7.1HIGH

Key Information:

Vendor: Ivanti
Status: Secure Access Client
Vendor: CVE Published:; 11 February 2025

Summary

The Ivanti Secure Access Client prior to version 22.8R1 contains a vulnerability that allows local authenticated attackers to exploit insufficient permissions, enabling them to delete arbitrary files on the system. This could lead to significant data loss and system instability, impacting the overall security posture of the affected machines.

Affected Version(s)

Secure Access Client 22.8R1

References

https://forums.ivanti.com/s/article/February-Security-Adv...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Jan 30, 2025