CVE-2024-38654
Published: 2024-11-13
Priority: P4 · 12 · medium · CVSS 3.0: 4.4
CVSS vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.28% (19.8th percentile)
Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | secure_access_client | < 22.7 | 22.7 |
| ivanti | secure_access_client | — | — |
| ivanti | secure_access_client | >= 22.7R3 < 22.7R3 | 22.7R3 |
Ivanti
Ivanti Security Advisory: CVE-2024-38654
vendor_ivanti·2024-11-13·CVSS 4.4
CVE-2024-38654 [MEDIUM] CWE-125 Ivanti Security Advisory: CVE-2024-38654
Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service.
CVE IDs: CVE-2024-38654
CVSS Base Score: 4.4
Severity: MEDIUM
CWEs: CWE-125
GHSA
GHSA-7pmr-m2q5-rp82: Improper bounds checking in Ivanti Secure Access Client before version 22
ghsa_unreviewed·2024-11-13
CVE-2024-38654 [MEDIUM] CWE-125 GHSA-7pmr-m2q5-rp82: Improper bounds checking in Ivanti Secure Access Client before version 22
Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-11-13: Published