Description
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Ivanti / Connect Secure22.7R2.5 – 22.7R2.5
- Ivanti / Neurons for ZTA gateways22.7R2.5 – 22.7R2.5
- Ivanti / Policy Secure22.7R1.2 – 22.7R1.2