CVE-2023-41718
published 2023-11-15CVE-2023-41718: When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a…
PriorityP343high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.45%
36.0th percentile
When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | secure_access | >= 22.6.1.1 < 22.6.1.1 | 22.6.1.1 |
| ivanti | secure_access_client | — | — |
| ivanti | secure_access_client | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ivanti
Ivanti Security Advisory: CVE-2023-41718
vendor_ivanti·2023-11-15·CVSS 7.8
CVE-2023-41718 [HIGH] CWE-276 Ivanti Security Advisory: CVE-2023-41718
Ivanti Security Advisory: CVE-2023-41718
When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file.
CVE IDs: CVE-2023-41718
CVSS Base Score: 7.8
Severity: HIGH
CWEs: CWE-276
GHSA
GHSA-jc2w-6rjp-h443: When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having contr
ghsa_unreviewed·2023-11-15
CVE-2023-41718 [HIGH] CWE-276 GHSA-jc2w-6rjp-h443: When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having contr
When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-11-15
Published