Buffer overflow in Ivanti products - CVE-2024-38654
Published: November 14, 2024
Vulnerability identifier: #VU100505
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-38654
CWE-ID: CWE-120
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Ivanti
Affected software:
Ivanti Secure Access Client for Windows
Ivanti Secure Access Client for macOS
Ivanti Secure Access Client for Linux
Detailed vulnerability description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error. A local privileged user can trigger a buffer overflow and perform a denial of service (DoS) attack.
How to mitigate CVE-2024-38654
Install updates from the vendor's website.