Improper Authorization in Ivanti Secure Access Client Leading to Configuration File Alterations
CVE-2024-8539

7.1HIGH

Key Information:

Vendor: Ivanti
Status: Secure Access Client
Vendor: CVE Published:; 12 November 2024

Summary

A vulnerability has been identified in the Ivanti Secure Access Client that affects versions prior to 22.7R3. This flaw allows a local authenticated attacker to gain unauthorized access to modify sensitive configuration files, potentially leading to unauthorized data manipulation and access control issues. Organizations using affected versions should take immediate action to upgrade to the latest version to mitigate this security risk.

References

https://forums.ivanti.com/s/article/Security-Advisory-Iva...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2024