Skip to main content

Secure Access Client CVE-2024-38654

MEDIUM
Out-of-bounds Read (CWE-125)
2024-11-13 support@hackerone.com
4.4
CVSS 3.0 · Vendor: hackerone
Share

Severity by source

Vendor (hackerone) PRIMARY
4.4 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Primary rating from Vendor (hackerone) · only source for this CVE.

CVSS VectorVendor: hackerone

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 13, 2024 - 02:15 cve.org
MEDIUM 4.4

DescriptionCVE.org

Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service.

AnalysisAI

Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service. Affected products include: Ivanti Secure Access Client. Version information: version 22.7.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2024-3661 HIGH POC
7.6 May 06

DHCP can add routes to a client’s routing table via the classless static route option (121). Rated high severity (CVSS 7

CVE-2026-8992 HIGH
8.8 May 22

Remote code execution in Ivanti Secure Access Client versions prior to 22.8R6 allows unauthenticated attackers to run ar

CVE-2023-24492 HIGH
8.8 Jul 11

A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an at

CVE-2025-0320 HIGH
7.8 Jun 17

Local privilege escalation vulnerability in Citrix Secure Access Client for Windows that allows an authenticated, low-pr

CVE-2024-37398 HIGH
7.8 Nov 13

Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate t

CVE-2024-7571 HIGH
7.8 Nov 12

Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate the

CVE-2023-41718 HIGH
7.8 Nov 15

When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the aff

CVE-2023-38543 HIGH
7.8 Nov 15

A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally au

CVE-2023-38043 HIGH
7.8 Nov 15

A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally au

CVE-2023-35080 HIGH
7.8 Nov 15

A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticate

CVE-2023-24491 HIGH
7.8 Jul 11

A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an a

CVE-2024-13813 HIGH
7.1 Feb 11

Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to d

Share

CVE-2024-38654 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy