Secure Access Client
CVE-2024-13813
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files.
AnalysisAI
Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Incorrect Permission Assignment (CWE-732), which allows attackers to access resources due to misconfigured permissions. Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files. Affected products include: Ivanti Secure Access Client. Version information: version 22.8.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Review and restrict file/resource permissions, apply principle of least privilege.
More in Secure Access Client
View allDHCP can add routes to a client’s routing table via the classless static route option (121). Rated high severity (CVSS 7
Remote code execution in Ivanti Secure Access Client versions prior to 22.8R6 allows unauthenticated attackers to run ar
A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an at
Local privilege escalation vulnerability in Citrix Secure Access Client for Windows that allows an authenticated, low-pr
Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate t
Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate the
When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the aff
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally au
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally au
A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticate
A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an a
Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to mod
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today