Ivanti Secure Access Client <22.6R1.1 DoS & Full Compromise via Local Auth
CVE-2023-38043 Published on November 15, 2023
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system.
Weakness Type
What is a Resource Exhaustion Vulnerability?
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CVE-2023-38043 has been classified to as a Resource Exhaustion vulnerability or weakness.
Products Associated with CVE-2023-38043
Want to know whenever a new CVE is published for Ivanti Secure Access Client? stack.watch will email you.
Affected Versions
Ivanti Secure Access Client Windows:- Version 22.6R1.1 and below 22.6R1.1 is affected.
- Before 22.6R1.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.