Lucene search
3c1d8aa1-5a33-4ea4-8992-aadd6440af75NVD:CVE-2024-44104HistorySep 10, 2024 - 9:15 p.m.
CVE-2024-44104
2024-09-1021:15:13
CWE-290
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
web.nvd.nist.gov
3
ivanti workspace control
authentication
spoofing attack
privilege escalation
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
9.6%
An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.
Affected configurations
Node
ivantiworkspace_controlRange<10.18.99.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ivanti | workspace_control | * | cpe:2.3:a:ivanti:workspace_control:*:*:*:*:*:*:*:* |
Related
cve
cve
CVE-2024-44104
2024-09-10 21:15:13
vulnrichment
vulnrichment
CVE-2024-44104
2024-09-10 20:41:33
cvelist
cvelist
CVE-2024-44104
2024-09-10 20:41:33
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
9.6%
Related for NVD:CVE-2024-44104