First published: Tue Nov 14 2023(Updated: )
A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings. This vulnerability could be exploited to compromise the integrity and security of the network on the affected system.
Credit: support@hackerone.com
Affected Software | Affected Version | How to fix |
---|---|---|
Ivanti Secure Access Client | =22.2-r1 | |
Ivanti Secure Access Client | =22.3-r1 | |
Ivanti Secure Access Client | =22.3-r2 | |
Ivanti Secure Access Client | =22.3-r3 | |
Linux Linux kernel |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-38544 is a vulnerability where a logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings.
CVE-2023-38544 affects Ivanti Secure Access Client versions 22.2-r1, 22.3-r1, 22.3-r2, and 22.3-r3.
The severity of CVE-2023-38544 is medium with a severity value of 5.3.
CVE-2023-38544 can be exploited by a logged in user to compromise the integrity and security of the network on the affected system.
More information about CVE-2023-38544 can be found at the following link: [https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release](https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release)