Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section.
AnalysisAI
Ivanti Secure Access Client before version 22.8R6 allows local authenticated users to read or modify sensitive log data through write access to a shared memory section due to incorrect permission assignments on a critical resource. With a CVSS score of 4.4 and a local attack vector requiring authentication, this vulnerability poses a moderate risk to users whose systems are accessed by multiple authenticated accounts. No active exploitation has been publicly confirmed, but the simplicity of the attack (local, low complexity) makes this a practical concern for multi-user systems.
Technical ContextAI
This vulnerability stems from a CWE-732 (Incorrect Permission Assignment for Critical Resource) flaw in Ivanti Secure Access Client. The underlying issue involves inadequate access controls on a shared memory section used for log data storage. Shared memory is a Unix/Linux inter-process communication (IPC) mechanism that allows processes to access common memory regions; when permissions are misconfigured, unintended processes or users can gain read or write access. The affected product uses shared memory for logging functionality, but the permission bits (rwx flags) were not properly restricted to prevent local authenticated users from accessing or modifying this critical resource. This is a privilege escalation or lateral-movement vector within the same system, as it allows lower-privileged authenticated users to tamper with logging data that should be protected.
RemediationAI
Upgrade Ivanti Secure Access Client to version 22.8R6 or later to remediate this vulnerability. This patched version corrects the shared memory permission assignment, restricting write access to authorized processes only. Organizations should prioritize this patch on multi-user systems, shared workstations, or environments where privilege escalation or lateral movement is a concern. If immediate patching is not feasible, consider restricting login access to the affected system to a single authenticated user per session, or isolating the Secure Access Client to a dedicated account with minimal privilege that cannot be accessed by other local users. These workarounds reduce the attack surface but do not eliminate the underlying flaw and should be viewed as temporary measures. See the vendor advisory for any additional mitigations or deployment guidance.
Authentication bypass in Ivanti Virtual Traffic Manager (vTM) admin panel allows remote unauthenticated attackers to gai
Ivanti Endpoint Manager contains an absolute path traversal vulnerability allowing unauthenticated remote attackers to l
Ivanti Endpoint Manager contains a second absolute path traversal vulnerability for unauthenticated information disclosu
Ivanti Endpoint Manager contains a third absolute path traversal vulnerability for unauthenticated information disclosur
Ivanti Connect Secure, Policy Secure, and Neurons for ZTA contain a stack-based buffer overflow allowing unauthenticated
An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to a
Ivanti Endpoint Manager Mobile (EPMM) contains a critical code injection vulnerability (CVE-2026-1281, CVSS 9.8) that al
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that allows unauthenticated attackers to a
Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow enabling unauthenticated re
Ivanti Endpoint Manager Mobile (EPMM) contains an authenticated code injection in the API component, allowing authentica
Ivanti Endpoint Manager before 2024 SU5 contains an authentication bypass (CVE-2026-1603, CVSS 8.6) that allows unauthen
Remote code execution in Ivanti Sentry before R10.5.2, R10.6.2, and R10.7.1 allows unauthenticated remote attackers to a
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29485
GHSA-392j-3m8m-x4c8