CVE-2023-38043

7.8 HIGH

📋 TL;DR

This vulnerability in Ivanti Secure Access Client allows a locally authenticated attacker to exploit a vulnerable configuration, potentially causing a denial of service on the user's machine and, in the worst case, leading to full system compromise. All versions below 22.6R1.1 are affected; exploitation requires local access to the target system.

💻 Affected Systems

Products:
  • Ivanti Secure Access Client
Versions: All versions below 22.6R1.1
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires local authentication on the affected machine.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise through arbitrary kernel function calls, allowing complete control over the affected machine.

🟠 Likely Case

Denial of service condition on user workstations, disrupting VPN connectivity and potentially requiring a system reboot.

🟢 If Mitigated

Limited impact with proper access controls and monitoring, potentially only service disruption.

🌐 Internet-Facing: LOW - Requires local authentication, not directly exploitable from internet.
🏢 Internal Only: HIGH - Local attackers or compromised accounts can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of how the vulnerable configuration can be abused.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 22.6R1.1 and later

Vendor Advisory: https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release

Restart Required: Yes

Instructions:

1. Download Ivanti Secure Access Client version 22.6R1.1 or later from the official Ivanti portal.
2. Uninstall the previous version.
3. Install the updated version.
4. Restart the system.

🔧 Temporary Workarounds

Restrict Local Access (platforms: all)

Limit local user access to systems running Ivanti Secure Access Client to reduce the attack surface.

Monitor for Suspicious Activity (platforms: all)

Implement enhanced monitoring for Ivanti client processes and kernel interactions.

🧯 If You Can't Patch

  • Implement strict local access controls and least privilege principles
  • Monitor systems for unusual Ivanti client behavior or crash events

🔍 How to Verify

Check if Vulnerable:

Check the Ivanti Secure Access Client version in the application settings or via the 'About' menu; any version below 22.6R1.1 is vulnerable.

Check Version:

On Windows: check the program version in Control Panel > Programs and Features.
On Linux/macOS: check the application version in the GUI or via the package manager.

Verify Fix Applied:

Verify that the version shown in the application settings is 22.6R1.1 or higher and that the system has been restarted since the update.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected Ivanti client crashes
  • Kernel access violations
  • Unusual local authentication patterns

Network Indicators:

  • Sudden VPN disconnections
  • Unusual local network traffic from Ivanti processes

SIEM Query:

source="*ivanti*" AND (event_type="crash" OR event_type="privilege_escalation")

🔗 References
