CVE-2023-38543

Published: Nov 15, 2023Modified: Jan 7, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine.

Affected (2)

Products: Ivanti: Secure Access Client

1 product

Secure Access Client

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ivanti Secure Access Client	Before 22.6
Ivanti Secure Access Client	Version 22.6 r1

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (4)

https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release

Source: support@hackerone.com

Vendor Advisory

https://northwave-cybersecurity.com/vulnerability-notice/denial-of-service-in-ivanti-secure-access-client-driver

Source: support@hackerone.com

https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://northwave-cybersecurity.com/vulnerability-notice/denial-of-service-in-ivanti-secure-access-client-driver

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.