CVE-2023-38041

CVSS 3.1 Score 7.0 of 10 (high)

Details

Published Oct 25, 2023
Updated: Oct 31, 2023
CWE ID 367

Summary

CVE-2023-38041 is a newly disclosed vulnerability affecting systems where a TOCTOU (Time-of-Check to Time-of-Use) race condition exists. The condition arises when a process flow is initiated and an attacker exploits the gap between the check for permissions and the use of those permissions. As a result, an unprivileged user can gain elevated privileges and potentially gain unauthorized access to sensitive areas of the affected system. The vulnerability poses a significant risk to the security of impacted systems and requires immediate attention from system administrators, who should mitigate it and apply available patches.


Affected Products

  • Ivanti Secure Access Client

Affected Vendors

  • Ivanti Software Inc.