CVE-2023-35080
https://notcve.org/view.php?id=CVE-2023-35080
A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure. Se ha identificado una vulnerabilidad en el cliente de Windows Ivanti Secure Access, que podría permitir que un atacante autenticado localmente explote una configuración vulnerable, lo que podría generar varios riesgos de seguridad, incluida la escalada de privilegios, la denegación de servicio o la divulgación de información. • https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release •
CVE-2023-38043
https://notcve.org/view.php?id=CVE-2023-38043
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system. Cuando un atacante local carga un componente específico y puede enviar una solicitud especialmente manipulada a este componente, el atacante podría obtener privilegios elevados en el sistema afectado. • https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release https://northwave-cybersecurity.com/vulnerability-notice/arbitrary-kernel-function-call-in-ivanti-secure-access-client • CWE-400: Uncontrolled Resource Consumption •
CVE-2023-38543
https://notcve.org/view.php?id=CVE-2023-38543
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine. Cuando un atacante local carga un componente específico y puede enviar una solicitud especialmente manipulada a este componente, el atacante podría obtener privilegios elevados en el sistema afectado. • https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release https://northwave-cybersecurity.com/vulnerability-notice/denial-of-service-in-ivanti-secure-access-client-driver •
CVE-2023-24492
https://notcve.org/view.php?id=CVE-2023-24492
A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts. • https://support.citrix.com/article/CTX564169/citrix-secure-access-client-for-ubuntu-security-bulletin-for-cve202324492 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-24491
https://notcve.org/view.php?id=CVE-2023-24491
A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed to escalate their local privileges to that of NT AUTHORITY\SYSTEM. • https://support.citrix.com/article/CTX561480/citrix-secure-access-client-for-windows-security-bulletin-for-cve202324491 • CWE-269: Improper Privilege Management •