7 - CVE-2023-38041

Executive Summary

Informations
Name	CVE-2023-38041	First vendor Publication	2023-10-25
Vendor	Cve	Last vendor Modification	2025-03-07

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score	7
Base Score	7	Environmental Score	7
impact SubScore	5.9	Temporal Score	7
Exploitabality Sub Score	1

Attack Vector	Local	Attack Complexity	High
Privileges Required	Low	User Interaction	None
Scope	Unchanged	Confidentiality Impact	High
Integrity Impact	High	Availability Impact	High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score	N/A	Attack Range	N/A
Cvss Impact Score	N/A	Attack Complexity	N/A
Cvss Expoit Score	N/A	Authentication	N/A
Calculate full CVSS 2.0 Vectors scores

Detail

A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38041

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-367	Time-of-check Time-of-use (TOCTOU) Race Condition

CPE : Common Platform Enumeration

Type	Description	Count
Application	Ivanti Secure Access Client cpe:2.3:a:ivanti:secure_access_client:22.3:r1:::::: cpe:2.3:a:ivanti:secure_access_client:22.3:r2:::::: cpe:2.3:a:ivanti:secure_access_client:22.3:r3:::::: cpe:2.3:a:ivanti:secure_access_client:22.2:r1:::::: cpe:2.3:a:ivanti:secure_access_client::::::::	5

Sources (Detail)

https://forums.ivanti.com/s/article/CVE-2023-38041-New-client-side-release-to...

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2025-03-08 00:21:21	Multiple Updates
2024-11-28 14:27:43	Multiple Updates
2023-11-23 02:32:26	Multiple Updates
2023-10-31 17:27:24	Multiple Updates
2023-10-26 00:27:22	First insertion