Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
Vulnerability DatabaseCVE-2023-38042
CVE-2023-38042:
Ivanti Secure Access Client vulnerability analysis and mitigation
Overview
CVE-2023-38042 is a local privilege escalation vulnerability discovered in Ivanti Secure Access Client for Windows. The vulnerability was disclosed in May 2024 and affects versions prior to 22.7R1. This security flaw allows a low-privileged user to execute code with SYSTEM privileges (Ivanti Advisory).
Technical details
The vulnerability has been assigned a CVSS score of 7.8 with the vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This score indicates a high-severity local vulnerability requiring low privileges and no user interaction to exploit (Ivanti Advisory).
Impact
If successfully exploited, this vulnerability allows a low-privileged user to elevate their privileges and execute code with SYSTEM-level access, potentially gaining complete control over the affected Windows system (Ivanti Advisory).
Mitigation and workarounds
Ivanti has released patches to address this vulnerability. Users are advised to upgrade their Secure Access Client for Windows to version 22.7R1 or later to mitigate the risk (Ivanti Advisory).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
Ready to see Wiz in action?
“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management