Vulnerability in Ivanti Secure Access Client Could Allow Privilege Escalation
CVE-2024-37398

7.8HIGH

Key Information:

Vendor: Ivanti
Status: Secure Access Client
Vendor: CVE Published:; 13 November 2024

Summary

The vulnerability exists due to insufficient validation in the Ivanti Secure Access Client prior to version 22.7R4. A local authenticated attacker may exploit this flaw to escalate their privileges within the application environment. This vulnerability highlights the importance of robust validation mechanisms and timely updates to enhance security posture and protect sensitive information.

References

https://forums.ivanti.com/s/article/Security-Advisory-Iva...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 13, 2024