CVE-2024-44104

CVSS v3.1

8.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Ivanti Workspace Control versions 10.18.0.0 and below

Description: The issue is related to an incorrectly implemented authentication scheme in the management console of Ivanti Workspace Control, which is vulnerable to a spoofing attack. This allows a local authenticated attacker to escalate their privileges.

Recommendations: For Ivanti Workspace Control versions 10.18.0.0 and below, consider restricting access to the management console until a patch is available. As a temporary workaround, limit the privileges of local authenticated users to minimize the risk of exploitation.

Fix

Improper Authorization

Authentication Bypass by Spoofing

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285CWE-290

Related Identifiers

BDU:2024-07862

CVE-2024-44104

Affected Products

Ivanti Workspace Control

CVE-2024-44104

Weakness Enumeration

Related Identifiers

Affected Products

References · 12