PT-2024-8645 · Ivanti · Ivanti Secure Access Client
Published
2024-11-11
·
Updated
2024-11-14
·
CVE-2024-29211
CVSS v3.1
7.1
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Ivanti Secure Access Client versions prior to 22.7R4
Description
A race condition in Ivanti Secure Access Client allows a local authenticated attacker to modify sensitive configuration files. This issue is related to synchronization errors when using a shared resource, also known as a race condition.
Recommendations
For versions prior to 22.7R4, update to version 22.7R4 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive configuration files until a patch is applied.
Fix
Race Condition
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ivanti Secure Access Client