CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-35080
https://notcve.org/view.php?id=CVE-2023-35080
A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure. Se ha identificado una vulnerabilidad en el cliente de Windows Ivanti Secure Access, que podría permitir que un atacante autenticado localmente explote una configuración vulnerable, lo que podría generar varios riesgos de seguridad, incluida la escalada de privilegios, la denegación de servicio o la divulgación de información. • https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-38544
https://notcve.org/view.php?id=CVE-2023-38544
A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings. This vulnerability could be exploited to compromise the integrity and security of the network on the affected system. Un usuario que haya iniciado sesión puede modificar archivos específicos que pueden dar lugar a cambios no autorizados en los ajustes de configuración de todo el sistema. Esta vulnerabilidad podría explotarse para comprometer la integridad y seguridad de la red en el sistema afectado. • https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-38043
https://notcve.org/view.php?id=CVE-2023-38043
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system. Cuando un atacante local carga un componente específico y puede enviar una solicitud especialmente manipulada a este componente, el atacante podría obtener privilegios elevados en el sistema afectado. • https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release https://northwave-cybersecurity.com/vulnerability-notice/arbitrary-kernel-function-call-in-ivanti-secure-access-client • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-38543
https://notcve.org/view.php?id=CVE-2023-38543
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine. Cuando un atacante local carga un componente específico y puede enviar una solicitud especialmente manipulada a este componente, el atacante podría obtener privilegios elevados en el sistema afectado. • https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release https://northwave-cybersecurity.com/vulnerability-notice/denial-of-service-in-ivanti-secure-access-client-driver •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41726 – Ivanti Avalanche Incorrect Default Permissions Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-41726
Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability Los permisos predeterminados incorrectos de Ivanti Avalanche permiten una vulnerabilidad de escalada de privilegios locales This vulnerability allows local attackers to escalate privileges on affected installations of Ivanti Avalanche. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from incorrect permissions set on product folders created by the installer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://download.wavelink.com/Files/avalanche_v6.4.1.236_release_notes.txt • CWE-276: Incorrect Default Permissions •