Vulnerabilities > CVE-2024-8539 - Unspecified vulnerability in Ivanti Secure Access Client

CVSS 7.1 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

ivanti

NVD

Published: 2024-11-12

Updated: 2025-01-17

Summary

Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files.

Vulnerable Configurations

Part	Description	Count
Application	Ivanti Ivanti Secure Access Client - Ivanti Secure Access Client 22.2 Ivanti Secure Access Client 22.3 Ivanti Secure Access Client 22.5 Ivanti Secure Access Client 22.6 Ivanti Secure Access Client 22.7	14
OS	Apple Apple Macos -	1
OS	Linux Linux Linux Kernel -	1
OS	Microsoft Microsoft Windows -	1

References

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs