CVE-2024-9842
Nov. 13, 2024, 5:01 p.m.
Tags
CVSS Score
Product(s) Impacted
Ivanti Secure Access Client
- before 22.7R4
Description
Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders.
Weaknesses
CWE-267
Privilege Defined With Unsafe Actions
A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.
CWE ID: 267Date
Published: Nov. 12, 2024, 5:15 p.m.
Last Modified: Nov. 13, 2024, 5:01 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
Base Score
Exploitability Score
Impact Score
Base Severity
HIGHCVSS Vector String
The CVSS vector string provides an in-depth view of the vulnerability metrics.
View Vector StringCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H