Local Auth Bypass Could Lead to Privilege Escalation
CVE-2024-8012

7.8HIGH

Key Information:

Vendor: Ivanti
Status: Workspace Control
Vendor: CVE Published:; 10 September 2024

What is CVE-2024-8012?

An authentication bypass vulnerability exists in the message broker service of Ivanti Workspace Control, affecting version 10.18.0.0 and earlier. This vulnerability allows a local authenticated attacker to escalate their privileges, potentially granting access to sensitive functionalities and data within the system. Proper patching and mitigation strategies are essential to safeguard against this type of attack, as it may lead to unauthorized actions and increased security risks.

Affected Version(s)

Workspace Control 10.19.0.0

References

https://forums.ivanti.com/s/article/Security-Advisory-Iva...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 10, 2024