Secure Access Client
CVE-2023-38043
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system.
AnalysisAI
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400), which allows attackers to cause denial of service by exhausting system resources. A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system. Affected products include: Ivanti Secure Access Client.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement rate limiting, set resource quotas, validate input sizes, use timeouts.
More in Secure Access Client
View allDHCP can add routes to a client’s routing table via the classless static route option (121). Rated high severity (CVSS 7
Remote code execution in Ivanti Secure Access Client versions prior to 22.8R6 allows unauthenticated attackers to run ar
A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an at
Local privilege escalation vulnerability in Citrix Secure Access Client for Windows that allows an authenticated, low-pr
Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate t
Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate the
When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the aff
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally au
A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticate
A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an a
Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to d
Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to mod
Same weakness CWE-400 – Uncontrolled Resource Consumption
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today