Privilege Escalation Flaw in Ivanti Secure Access Client Software
CVE-2024-7571

7.8HIGH

Key Information:

Vendor: Ivanti
Status: Secure Access Client
Vendor: CVE Published:; 12 November 2024

Summary

A vulnerability exists in the Ivanti Secure Access Client that allows a local authenticated attacker to exploit incorrect permissions and escalate their privileges. This flaw affects versions prior to 22.7R4, potentially compromising the security of the system and allowing unauthorized access to critical resources.

References

https://forums.ivanti.com/s/article/Security-Advisory-Iva...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2024