Improper Authorization in Ivanti Secure Access Client Leading to Configuration File Alterations
CVE-2024-8539

7.1HIGH

Key Information:

Vendor

Ivanti
Status
Secure Access Client
Vendor
CVE Published:
12 November 2024

What is CVE-2024-8539?

A vulnerability has been identified in the Ivanti Secure Access Client that affects versions prior to 22.7R3. This flaw allows a local authenticated attacker to gain unauthorized access to modify sensitive configuration files, potentially leading to unauthorized data manipulation and access control issues. Organizations using affected versions should take immediate action to upgrade to the latest version to mitigate this security risk.

References

https://forums.ivanti.com/s/article/Security-Advisory-Iva...

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.