#VU100505 Buffer overflow in Ivanti products - CVE-2024-38654
Published: November 14, 2024
Vulnerability identifier: #VU100505
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-38654
CWE-ID: CWE-120
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Ivanti Secure Access Client for Windows
Ivanti Secure Access Client for macOS
Ivanti Secure Access Client for Linux
Ivanti Secure Access Client for Windows
Ivanti Secure Access Client for macOS
Ivanti Secure Access Client for Linux
Software vendor:
Ivanti
Ivanti
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error. A local privileged user can trigger a buffer overflow and perform a denial of service (DoS) attack.
Remediation
Install updates from vendor's website.