CVE-2024-38654

Published Nov 13, 2024

Last updated 8 months ago

CVSS medium 4.4

Overview

Description: Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service.
Source: support@hackerone.com
NVD status: Analyzed
Products: secure_access_client

Risk scores

CVSS 3.0

Type: Secondary
Base score: 4.4
Impact score: 3.6
Exploitability score: 0.8
Vector string: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-125

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ivanti:secure_access_client:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "2347060E-FEC7-41EF-A0C0-5ED61B157223",
            "versionEndExcluding": "22.7",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.7:-:*:*:*:*:*:*",
            "matchCriteriaId": "C419EC4C-AB98-4D73-82B2-00A0A1F5A435",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.7:r1:*:*:*:*:*:*",
            "matchCriteriaId": "F78C1CDE-FB11-4033-AEBA-D04D937EDD67",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.7:r1.1:*:*:*:*:*:*",
            "matchCriteriaId": "12DF0E17-F261-48D1-B2B8-50E9AEAFEC27",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.7:r2:*:*:*:*:*:*",
            "matchCriteriaId": "E881D4BF-3222-4EF9-8A9B-0948973CCC89",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.7:r3:*:*:*:*:*:*",
            "matchCriteriaId": "D93F7D15-B61D-4EE7-9280-FC0B7C45C940",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.0

Weaknesses

Social media

Configurations

Related CVEs

References