CVE-2023-38043
Published 2023-11-15
Priority P340 · high · 7.8 · CVSS 3.1
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.37% (28.8th percentile)
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | secure_access_client | < 22.6 | 22.6 |
| ivanti | secure_access_client | — | — |
| ivanti | secure_access_client_windows | >= 22.6R1.1 < 22.6R1.1 | 22.6R1.1 |
CVSS provenance
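| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |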
GHSA
GHSA-j5jp-qgcc-m868
ghsa_unreviewed · 2023-11-15
CVE-2023-38043 [HIGH] CWE-400
When a specific component is loaded and a local attacker is able to send a specially crafted request to this component, the attacker could gain elevated privileges on the affected system.
Ivanti
Ivanti Security Advisory: CVE-2023-38043
vendor_ivanti·2023-11-15·CVSS 7.8
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system.
CVE IDs: CVE-2023-38043
CVSS Base Score: 7.8
Severity: HIGH
CWEs: CWE-400
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release
https://northwave-cybersecurity.com/vulnerability-notice/arbitrary-kernel-function-call-in-ivanti-secure-access-client
2023-11-15
Published