Skip to main content

Secure Access Client

19 CVEs product

Monthly

CVE-2026-8992 HIGH This Week

Remote code execution in Ivanti Secure Access Client versions prior to 22.8R6 allows unauthenticated attackers to run arbitrary code on endpoints by exploiting improper TLS certificate validation, contingent on user interaction (UI:R). No public exploit identified at time of analysis, but the CVSS 8.8 rating and Ivanti's own advisory disclosure mark this as a high-priority client-side risk for organizations using the VPN client.

RCE Ivanti Secure Access Client
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-0320 HIGH PATCH This Week

Local privilege escalation vulnerability in Citrix Secure Access Client for Windows that allows an authenticated, low-privileged user to escalate their privileges to SYSTEM level without user interaction. The vulnerability affects the Citrix Secure Access Client application on Windows systems and represents a critical threat to enterprise environments where this client is deployed, as successful exploitation grants complete system control. The CVSS 7.8 score and confirmed local attack vector indicate this is a material risk for any organization using this software, though exploitation requires prior local access to an affected system.

Privilege Escalation Citrix Windows Secure Access Client
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-13813 HIGH This Week

Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Secure Access Client
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-38654 MEDIUM This Month

Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti Denial Of Service Secure Access Client
NVD
CVSS 3.0
4.4
EPSS
0.3%
CVE-2024-37398 HIGH This Week

Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Secure Access Client
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-29211 MEDIUM This Month

A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Ivanti Secure Access Client
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2024-9843 MEDIUM This Month

A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Ivanti Denial Of Service Secure Access Client
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-9842 LOW Monitor

Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Secure Access Client
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2024-8539 HIGH This Week

Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Secure Access Client
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-7571 HIGH This Week

Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Secure Access Client
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-3661 HIGH POC This Week

DHCP can add routes to a client’s routing table via the classless static route option (121). Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Forticlient Anyconnect Vpn Client Secure Client Globalprotect +5
NVD
CVSS 3.1
7.6
EPSS
4.1%
CVE-2023-41718 HIGH This Week

When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Secure Access Client
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-38544 MEDIUM This Month

A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Secure Access Client
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-38543 HIGH This Week

A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Denial Of Service Secure Access Client
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-38043 HIGH This Week

A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Denial Of Service Secure Access Client
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-35080 HIGH This Week

A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Ivanti Privilege Escalation Microsoft Information Disclosure +1
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-38041 HIGH This Week

A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Authentication Bypass Secure Access Client
NVD
CVSS 3.1
7.0
EPSS
0.7%
CVE-2023-24492 HIGH This Week

A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubuntu RCE Code Injection Citrix Secure Access Client
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-24491 HIGH This Week

A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Citrix Secure Access Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in Ivanti Secure Access Client versions prior to 22.8R6 allows unauthenticated attackers to run arbitrary code on endpoints by exploiting improper TLS certificate validation, contingent on user interaction (UI:R). No public exploit identified at time of analysis, but the CVSS 8.8 rating and Ivanti's own advisory disclosure mark this as a high-priority client-side risk for organizations using the VPN client.

RCE Ivanti Secure Access Client
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation vulnerability in Citrix Secure Access Client for Windows that allows an authenticated, low-privileged user to escalate their privileges to SYSTEM level without user interaction. The vulnerability affects the Citrix Secure Access Client application on Windows systems and represents a critical threat to enterprise environments where this client is deployed, as successful exploitation grants complete system control. The CVSS 7.8 score and confirmed local attack vector indicate this is a material risk for any organization using this software, though exploitation requires prior local access to an affected system.

Privilege Escalation Citrix Windows +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Secure Access Client
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Secure Access Client
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Ivanti +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Ivanti Denial Of Service +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Secure Access Client
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Secure Access Client
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Secure Access Client
NVD
EPSS 4% CVSS 7.6
HIGH POC This Week

DHCP can add routes to a client’s routing table via the classless static route option (121). Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Forticlient Anyconnect Vpn Client +7
NVD
EPSS 0% CVSS 7.8
HIGH This Week

When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Secure Access Client
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Secure Access Client
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Denial Of Service Secure Access Client
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Denial Of Service Secure Access Client
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Ivanti Privilege Escalation +3
NVD
EPSS 1% CVSS 7.0
HIGH This Week

A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Authentication Bypass Secure Access Client
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubuntu RCE Code Injection +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Citrix +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy