CVE-2023-38041

Name of the Vulnerable Software and Affected Versions Ivanti Secure Access Client (ISAC) versions (affected versions not specified)

Description A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system. The issue is related to synchronization errors when using a shared resource, also known as a "race condition".

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.