CVE-2023-38041 HIGH

Vendor: Ivanti
Product: Secure Access Client
Published: October 25, 2023
Last update: March 7, 2025

CVSS base score

7.8/10
Attack vector: Local
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A logged-in user may elevate their permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system.

Key dates

02 Disclosure timeline

October 25, 2023: CVE published
March 7, 2025: Record updated