CVE-2023-38543

HIGH8.8Denial of service

Description

A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine.

CVSS breakdown

CVSS 3.0

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Affected products

Ivanti / Secure Access Client Windows22.6R1.1 – 22.6R1.1

References

MISChttps://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release
MISChttps://northwave-cybersecurity.com/vulnerability-notice/denial-of-service-in-ivanti-secure-access-client-driver