PT-2024-8636 · Ivanti · Ivanti Secure Access Client

Published: 2024-06-19 · Updated: 2024-11-13 · CVE-2024-38654

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Ivanti Secure Access Client versions prior to 22.7R3

Description

The issue is related to improper bounds checking, which can be exploited by a local authenticated attacker with admin privileges to cause a denial of service. This is due to a buffer copy without checking the size of the input data.

Recommendations

For versions prior to 22.7R3, update to version 22.7R3 or later to resolve the issue. As a temporary workaround, consider restricting admin privileges to minimize the risk of exploitation.

Fix

Out of bounds Read

Improper Resource Release

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2024-10227
CVE-2024-38654

Affected Products

Ivanti Secure Access Client