CVE-2024-38654

Published: Nov 13, 2024Modified: Jun 27, 2025

4.4

Vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Exploitability: 0.8 / Impact: 3.6

Source: support@hackerone.com (Secondary)

Description

Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service.

Affected (6)

Products: Ivanti: Secure Access Client

Ivanti

1 product

Secure Access Client

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Ivanti Secure Access Client	Before 22.7
Ivanti Secure Access Client	Version 22.7
Ivanti Secure Access Client	Version 22.7 r1.1
Ivanti Secure Access Client	Version 22.7 r1
Ivanti Secure Access Client	Version 22.7 r2
Ivanti Secure Access Client	Version 22.7 r3

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (1)

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs

Source: support@hackerone.com

Vendor Advisory

Timeline

No history available yet.