CVE-2023-38544
published 2023-11-15CVE-2023-38544: A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings. This vulnerability could be exploited…
PriorityP427medium5.5CVSS 3.1
AVLACLPRLUINSUCNIHAN
EPSS
0.37%
29.2th percentile
A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings. This vulnerability could be exploited to compromise the integrity and security of the network on the affected system.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | secure_access_client | — | — |
| ivanti | secure_access_client | — | — |
| ivanti | secure_access_linux | >= 22.6.1 < 22.6.1 | 22.6.1 |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvdv3.05.3MEDIUMCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ivanti
Ivanti Security Advisory: CVE-2023-38544
vendor_ivanti·2023-11-15·CVSS 5.5
CVE-2023-38544 [MEDIUM] Ivanti Security Advisory: CVE-2023-38544
Ivanti Security Advisory: CVE-2023-38544
A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings. This vulnerability could be exploited to compromise the integrity and security of the network on the affected system.
CVE IDs: CVE-2023-38544
CVSS Base Score: 5.5
Severity: MEDIUM
GHSA
GHSA-7qxh-xwq3-9f5w: A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings
ghsa_unreviewed·2023-11-15
CVE-2023-38544 [MEDIUM] GHSA-7qxh-xwq3-9f5w: A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings
A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings. This vulnerability could be exploited to compromise the integrity and security of the network on the affected system.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-11-15
Published