CVE-2024-9842

Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders.

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.0 / Impact : 4.7

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ivanti:secure_access_client::::::::
	cpe:2.3:a:ivanti:secure_access_client:22.7:-::::::
	cpe:2.3:a:ivanti:secure_access_client:22.7:r1::::::
	cpe:2.3:a:ivanti:secure_access_client:22.7:r1.1::::::
	cpe:2.3:a:ivanti:secure_access_client:22.7:r2::::::
	cpe:2.3:a:ivanti:secure_access_client:22.7:r3::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

17 Jan 2025, 19:55

Type	Values Removed	Values Added
CWE		NVD-CWE-Other
First Time		Ivanti Microsoft windows Ivanti secure Access Client Microsoft
CPE		cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:a:ivanti:secure_access_client:22.7:r1.1:::::: cpe:2.3:a:ivanti:secure_access_client:22.7:r3:::::: cpe:2.3:a:ivanti:secure_access_client:22.7:r1:::::: cpe:2.3:a:ivanti:secure_access_client:22.7:-:::::: cpe:2.3:a:ivanti:secure_access_client:::::::: cpe:2.3:a:ivanti:secure_access_client:22.7:r2::::::
References	~~() https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs -~~	() https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs - Vendor Advisory

13 Nov 2024, 17:01

Type	Values Removed	Values Added
Summary		(es) Los permisos incorrectos en Ivanti Secure Access Client anteriores a la versión 22.7R4 permiten que un atacante autenticado local cree carpetas arbitrarias.

12 Nov 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-12 17:15

Updated : 2025-01-17 19:55

NVD link : CVE-2024-9842

Mitre link : CVE-2024-9842

CVE.ORG link : CVE-2024-9842

JSON object : View

Products Affected

ivanti

secure_access_client

microsoft

windows

CWE

CWE-267

Privilege Defined With Unsafe Actions

CWE-732

Incorrect Permission Assignment for Critical Resource

NVD-CWE-Other

7.3 /10