Vulnerability in Ivanti Secure Access Client: Local Authentication Exploit and System Compromise

Vulnerability in Ivanti Secure Access Client: Local Authentication Exploit and System Compromise

CVE-2023-38043 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system.

Learn more about our User Device Pen Test.