Platform: ivanti
Component: ivanti-secure-access-client
Fixed in: 22.7R4
CVE-2024-9842 describes an incorrect permissions vulnerability in Ivanti Secure Access Client. This flaw allows a local, authenticated attacker to create arbitrary folders within the system, potentially leading to privilege escalation and unauthorized access. The vulnerability impacts versions of Ivanti Secure Access Client prior to 22.7R4, and a patch is available in version 22.7R4.
The primary impact of CVE-2024-9842 is the ability for a local, authenticated attacker to create arbitrary folders. While seemingly minor, this capability can be leveraged to escalate privileges. An attacker could create folders to store malicious files, potentially leading to code execution or data exfiltration. The attacker needs to be authenticated on the system to exploit this vulnerability, but once authenticated, the impact can be significant. This vulnerability does not involve remote code execution directly, but the ability to create arbitrary folders opens the door to further exploitation and compromise of the system.
CVE-2024-9842 was publicly disclosed on November 12, 2024. As of this writing, there are no publicly available proof-of-concept exploits. The vulnerability is not currently listed in the CISA KEV catalog. The probability of exploitation is considered low to medium, given the requirement for local authentication and the lack of readily available exploits.
Organizations using Ivanti Secure Access Client in environments where local user accounts have elevated privileges are particularly at risk. This includes environments with legacy configurations, shared hosting scenarios where user isolation is not strictly enforced, and deployments where standard users have unnecessary administrative rights.
• windows / supply-chain:
Get-Acl -Path "C:\Program Files\Ivanti\Secure Access Client\*" | Select-Object -ExpandProperty Access | Where-Object { $_.IdentityReference.Value -match "SYSTEM" }
• windows / supply-chain:
Get-ScheduledTask | Where-Object { $_.TaskName -like "*SecureAccessClient*" }
• windows / supply-chain:
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -MaxEvents 10 | Select-Object -Property TimeCreated, Id, Message
EPSS: 0.22% (45th percentile)
The primary mitigation for CVE-2024-9842 is to upgrade Ivanti Secure Access Client to version 22.7R4 or later. If immediate upgrade is not possible due to compatibility issues or testing requirements, consider restricting user permissions within the Secure Access Client to limit the potential impact of this vulnerability. While not a complete fix, this can reduce the attack surface. There are no specific WAF or proxy rules that can directly mitigate this vulnerability, as it stems from an internal permission issue. After upgrading, confirm the fix by attempting to create a folder as a standard user and verifying that the operation is denied.
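An added example (not from Ivanti or the original page) to support the permission-restriction workaround above: it lists allow ACEs that grant folder-creation rights to principals outside a short allowlist of well-known SIDs. The install path is the one used in the page's Get-Acl command; the allowlist and the choice of directory tree are assumptions to adjust for your environment.

```powershell
# Added example, not vendor code. Assumption: the install path below, taken from
# the Get-Acl command on this page, is the directory tree you want to audit.
$root = 'C:\Program Files\Ivanti\Secure Access Client'

# CreateDirectories shares its bit with AppendData; on a folder it permits
# creating subfolders.
$createBit = [int][System.Security.AccessControl.FileSystemRights]::CreateDirectories
# GENERIC_ALL / GENERIC_WRITE can appear on inherit-only ACEs unexpanded.
$genericBits = 0x10000000 -bor 0x40000000

# Well-known SIDs expected to hold write access under Program Files (assumption).
$trusted = @(
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-3-0',        # CREATOR OWNER
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

if (-not (Test-Path -LiteralPath $root)) {
    Write-Warning "Path not found: $root"
    return
}

# The root folder plus every subfolder beneath it.
$dirs = @(Get-Item -LiteralPath $root) +
        @(Get-ChildItem -LiteralPath $root -Directory -Recurse -ErrorAction SilentlyContinue)

$sidType = [System.Security.Principal.SecurityIdentifier]
$findings = foreach ($dir in $dirs) {
    $acl = Get-Acl -LiteralPath $dir.FullName
    # Explicit and inherited rules, with identities returned as SIDs.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $rights = [int]$ace.FileSystemRights
        if (($rights -band ($createBit -bor $genericBits)) -eq 0) { continue }
        $sid = $ace.IdentityReference.Value
        if ($trusted -contains $sid) { continue }
        [pscustomobject]@{
            Path      = $dir.FullName
            Sid       = $sid
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if ($findings) {
    $findings | Sort-Object Path, Sid | Format-Table -AutoSize
} else {
    Write-Output "No folder-creation rights for non-allowlisted SIDs under $root"
}
```

Run it from an elevated PowerShell session so every subfolder's ACL can be read; any row it prints is a principal to review before and after the upgrade.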
Upgrade Ivanti Secure Access Client to version 22.7R4 or later. This update fixes the incorrect permissions vulnerabilities that allow a local authenticated attacker to create arbitrary folders.
CVE-2024-9842 is a HIGH severity vulnerability affecting Ivanti Secure Access Client versions ≤22.7R3, allowing a local authenticated attacker to create arbitrary folders, potentially leading to privilege escalation.
You are affected if you are running Ivanti Secure Access Client versions prior to 22.7R4 and have local authenticated users.
Upgrade Ivanti Secure Access Client to version 22.7R4 or later to remediate the vulnerability. Restrict user permissions as a temporary workaround.
As of now, there are no publicly available proof-of-concept exploits or confirmed active exploitation campaigns related to CVE-2024-9842.
Refer to the official Ivanti Security Advisory for detailed information and remediation steps: [https://www.ivanti.com/support/security-advisories/](https://www.ivanti.com/support/security-advisories/)