CVE-2024-29211

A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ivanti:secure_access_client:*:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:secure_access_client:22.7:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:secure_access_client:22.7:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:secure_access_client:22.7:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:secure_access_client:22.7:r3:*:*:*:*:*:*

History

14 Nov 2024, 19:09

Type Values Removed Values Added
References () https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs - () https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs - Vendor Advisory
CPE cpe:2.3:a:ivanti:secure_access_client:*:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:secure_access_client:22.7:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:secure_access_client:22.7:r3:*:*:*:*:*:*
cpe:2.3:a:ivanti:secure_access_client:22.7:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:secure_access_client:22.7:r1:*:*:*:*:*:*
Summary
  • (es) Una condición de ejecución en Ivanti Secure Access Client anterior a la versión 22.7R4 permite que un atacante autenticado local modifique archivos de configuración confidenciales.
CWE CWE-362
CVSS v2 : unknown
v3 : 7.1
v2 : unknown
v3 : 4.7
First Time Ivanti
Ivanti secure Access Client

13 Nov 2024, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-13 02:15

Updated : 2024-11-14 19:09


NVD link : CVE-2024-29211

Mitre link : CVE-2024-29211

CVE.ORG link : CVE-2024-29211


JSON object : View

Products Affected

ivanti

  • secure_access_client
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')