CVE-2023-38041
CVSS 3.1 Score 7.0 of 10 (high)
Details
Summary
CVE-2023-38041 is a newly disclosed vulnerability affecting systems where a TOCTOU (Time-of-Check to Time-of-Use) race condition exists. The condition arises when a process flow is initiated and an attacker exploits the gap between a check for permissions and the use of those permissions. As a result, an unprivileged user can gain elevated privileges and potentially gain unauthorized access to sensitive areas of the affected system. The vulnerability poses a significant risk to the security of impacted systems and requires immediate attention from system administrators, who should mitigate it and apply available patches.
Affected Products
- Ivanti Secure Access Client
Affected Vendors
- Ivanti Software Inc.