CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-41718
https://notcve.org/view.php?id=CVE-2023-41718
14 Nov 2023 — When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file. Cuando se inicia un flujo de proceso particular, un atacante puede obtener privilegios elevados no autorizados en el sistema afectado al tener control sobre un archivo específico. • https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 2CVE-2023-35080
https://notcve.org/view.php?id=CVE-2023-35080
14 Nov 2023 — A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure. Se ha identificado una vulnerabilidad en el cliente de Windows Ivanti Secure Access, que podría permitir que un atacante autenticado localmente explote una configuración vulnerable, lo que podría generar vario... • https://github.com/HopHouse/Ivanti-Pulse_VPN-Client_Exploit-CVE-2023-35080_Privilege-escalation • CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-38544
https://notcve.org/view.php?id=CVE-2023-38544
14 Nov 2023 — A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings. This vulnerability could be exploited to compromise the integrity and security of the network on the affected system. Un usuario que haya iniciado sesión puede modificar archivos específicos que pueden dar lugar a cambios no autorizados en los ajustes de configuración de todo el sistema. Esta vulnerabilidad podría explotarse para comprometer la integridad y seguridad de la red en el sistem... • https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-38043
https://notcve.org/view.php?id=CVE-2023-38043
14 Nov 2023 — A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system. Cuando un atacante local carga un componente específico y puede enviar una solicitud especialmente manipulada a este componente, el atacante podría obtener privilegios elevados en el sist... • https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-38543
https://notcve.org/view.php?id=CVE-2023-38543
14 Nov 2023 — A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine. Cuando un atacante local carga un componente específico y puede enviar una solicitud especialmente manipulada a este componente, el atacante podría obtener privilegios elevados en el sistema afectado. • https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-38041
https://notcve.org/view.php?id=CVE-2023-38041
25 Oct 2023 — A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system. Un usuario que haya iniciado sesión puede elevar sus permisos abusando de una condición de ejecución de Tiempo de Check a Tiempo de Uso (TOCTOU). Cuando se inicia un flujo de proceso particular, un atacante puede aprovechar esta condición para obtener... • https://github.com/ewilded/CVE-2023-38041-POC • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-24492
https://notcve.org/view.php?id=CVE-2023-24492
11 Jul 2023 — A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts. A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts. • https://support.citrix.com/article/CTX564169/citrix-secure-access-client-for-ubuntu-security-bulletin-for-cve202324492 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-24491
https://notcve.org/view.php?id=CVE-2023-24491
11 Jul 2023 — A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed to escalate their local privileges to that of NT AUTHORITY\SYSTEM. A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed... • https://support.citrix.com/article/CTX561480/citrix-secure-access-client-for-windows-security-bulletin-for-cve202324491 • CWE-269: Improper Privilege Management •