CVE-2023-35080

2023-11-1500:15:07

[email protected]

web.nvd.nist.gov

vulnerability

ivanti

secure access

windows client

locally authenticated attacker

configuration

security risks

escalation of privileges

denial of service

information disclosure

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.0%

JSON

A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure.

Affected configurations

Nvd

Node

ivantisecure_access_clientRange<22.6

ivantisecure_access_clientMatch22.6r1

AND

microsoftwindowsMatch-

VendorProductVersionCPE
ivantisecure_access_client*cpe:2.3:a:ivanti:secure_access_client:*:*:*:*:*:*:*:*
ivantisecure_access_client22.6cpe:2.3:a:ivanti:secure_access_client:22.6:r1:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ivanti	secure_access_client	*	cpe:2.3:a:ivanti:secure_access_client::::::::
ivanti	secure_access_client	22.6	cpe:2.3:a:ivanti:secure_access_client:22.6:r1::::::
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*