CVE-2023-41726

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 3, 2023
Updated: Nov 9, 2023
CWE ID 276

Summary

CVE-2023-41726 is a newly disclosed vulnerability affecting Ivanti Avalanche. The issue stems from incorrect default permissions, granting local users the ability to escalate privileges. This can potentially enable attackers to gain elevated access and exploit the system, leading to significant security risks. Ivanti has released a patch to address this vulnerability and urges users to apply it promptly to mitigate potential threats. Unpatched systems are left vulnerable to attacks, allowing unauthorized users to potentially access sensitive data or gain administrative control.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Ivanti Avalanche

Affected Vendors

  • Ivanti Software Inc.