Secure Access Client
CVE-2024-8539
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files.
AnalysisAI
Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-267. Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files. Affected products include: Ivanti Secure Access Client. Version information: version 22.7.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Secure Access Client
View allDHCP can add routes to a client’s routing table via the classless static route option (121). Rated high severity (CVSS 7
Remote code execution in Ivanti Secure Access Client versions prior to 22.8R6 allows unauthenticated attackers to run ar
A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an at
Local privilege escalation vulnerability in Citrix Secure Access Client for Windows that allows an authenticated, low-pr
Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate t
Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate the
When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the aff
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally au
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally au
A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticate
A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an a
Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to d
Same weakness CWE-267 – Privilege Defined With Unsafe Actions
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today