CVE-2023-35080

A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ivanti:secure_access_client::::::::
	cpe:2.3:a:ivanti:secure_access_client:22.6:r1::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

22 Nov 2023, 15:08

Type	Values Removed	Values Added
CPE		cpe:2.3:a:ivanti:secure_access_client:22.6:r1:::::: cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:a:ivanti:secure_access_client::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
First Time		Microsoft windows Microsoft Ivanti secure Access Client Ivanti
References	~~() https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release -~~	() https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release - Vendor Advisory
CWE		NVD-CWE-noinfo

15 Nov 2023, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-15 00:15

Updated : 2023-12-10 15:26

NVD link : CVE-2023-35080

Mitre link : CVE-2023-35080

CVE.ORG link : CVE-2023-35080

JSON object : View

Products Affected

ivanti

secure_access_client

microsoft

windows

CWE

NVD-CWE-noinfo

{"id": "CVE-2023-35080", "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "support@hackerone.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.0}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-11-15T00:15:07.787", "references": [{"url": "https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release", "tags": ["Vendor Advisory"], "source": "support@hackerone.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en el cliente de Windows Ivanti Secure Access, que podr\u00eda permitir que un atacante autenticado localmente explote una configuraci\u00f3n vulnerable, lo que podr\u00eda generar varios riesgos de seguridad, incluida la escalada de privilegios, la denegaci\u00f3n de servicio o la divulgaci\u00f3n de informaci\u00f3n."}], "lastModified": "2023-11-22T15:08:08.207", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ivanti:secure_access_client:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD3A3874-0C90-4B5B-B8DF-EA2D6AC13183", "versionEndExcluding": "22.6"}, {"criteria": "cpe:2.3:a:ivanti:secure_access_client:22.6:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31760E56-8D3F-4F8B-9675-3C8222950E78"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "support@hackerone.com"}