CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22454
https://notcve.org/view.php?id=CVE-2025-22454
11 Mar 2025 — Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. • https://forums.ivanti.com/s/article/March-Security-Advisory-Ivanti-Secure-Access-Client-ISAC-CVE-2025-22454 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7571 – Ivanti Secure Access Client Pulse Secure Service Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7571
12 Nov 2024 — Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. This vulnerability allows local attackers to escalate privileges on affected installations of Ivanti Secure Access Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Pulse Secure Service. By creating a symbolic link, an attacker can abuse the service... • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs • CWE-267: Privilege Defined With Unsafe Actions •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9843
https://notcve.org/view.php?id=CVE-2024-9843
12 Nov 2024 — A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs • CWE-126: Buffer Over-read •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9842
https://notcve.org/view.php?id=CVE-2024-9842
12 Nov 2024 — Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs • CWE-267: Privilege Defined With Unsafe Actions CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8539
https://notcve.org/view.php?id=CVE-2024-8539
12 Nov 2024 — Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs • CWE-267: Privilege Defined With Unsafe Actions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38042
https://notcve.org/view.php?id=CVE-2023-38042
31 May 2024 — A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a low privileged user to execute code as SYSTEM. Una vulnerabilidad de escalada de privilegios local en Ivanti Secure Access Client para Windows permite a un usuario con pocos privilegios ejecutar código como SYSTEM. • https://forums.ivanti.com/s/article/Security-Advisory-May-2024?language=en_US • CWE-250: Execution with Unnecessary Privileges •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-41718
https://notcve.org/view.php?id=CVE-2023-41718
14 Nov 2023 — When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file. Cuando se inicia un flujo de proceso particular, un atacante puede obtener privilegios elevados no autorizados en el sistema afectado al tener control sobre un archivo específico. • https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 2CVE-2023-35080
https://notcve.org/view.php?id=CVE-2023-35080
14 Nov 2023 — A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure. Se ha identificado una vulnerabilidad en el cliente de Windows Ivanti Secure Access, que podría permitir que un atacante autenticado localmente explote una configuración vulnerable, lo que podría generar vario... • https://github.com/HopHouse/Ivanti-Pulse_VPN-Client_Exploit-CVE-2023-35080_Privilege-escalation • CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-38544
https://notcve.org/view.php?id=CVE-2023-38544
14 Nov 2023 — A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings. This vulnerability could be exploited to compromise the integrity and security of the network on the affected system. Un usuario que haya iniciado sesión puede modificar archivos específicos que pueden dar lugar a cambios no autorizados en los ajustes de configuración de todo el sistema. Esta vulnerabilidad podría explotarse para comprometer la integridad y seguridad de la red en el sistem... • https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-38043
https://notcve.org/view.php?id=CVE-2023-38043
14 Nov 2023 — A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system. Cuando un atacante local carga un componente específico y puede enviar una solicitud especialmente manipulada a este componente, el atacante podría obtener privilegios elevados en el sist... • https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release • CWE-400: Uncontrolled Resource Consumption •