CVE-2023-35080
First published: Tue Nov 14 2023(Updated: )
A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ivanti Secure Access Client | <22.6 | |
| Ivanti Secure Access Client | =22.6-r1 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-35080?
CVE-2023-35080 is a vulnerability in the Ivanti Secure Access Windows client that could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks.
How does CVE-2023-35080 affect Ivanti Secure Access Client?
CVE-2023-35080 affects Ivanti Secure Access Client version 22.6 and 22.6-r1.
What are the potential security risks of CVE-2023-35080?
The potential security risks of CVE-2023-35080 include the escalation of privileges, denial of service, or information disclosure.
How severe is CVE-2023-35080?
CVE-2023-35080 has a severity value of 8.8, which is considered high.
How can I fix CVE-2023-35080?
To fix CVE-2023-35080, update to the latest version of Ivanti Secure Access Client, which includes security fixes for this vulnerability. Refer to the official Ivanti website for more information on the latest release.
- collector/mitre-cve
- collector/nvd-api
- agent/severity
- agent/author
- agent/references
- agent/type
- agent/event
- vendor/ivanti
- canonical/ivanti secure access client
- version/ivanti secure access client/22.6-r1
- vendor/microsoft
- canonical/microsoft windows