Under specific circumstances, insecure permissions in Ivanti Application Control before version 2024.3 HF1, 2024.1 HF2, or 2023.3 HF3 allows a local authenticated attacker to achieve local privilege escalation.
During installation, installed file permissions are set to allow anyone to modify those files.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Application_control | Ivanti | * | 2023.3 (including) |
Application_control | Ivanti | 2023.3 (including) | 2023.3 (including) |
Application_control | Ivanti | 2023.3-hf1 (including) | 2023.3-hf1 (including) |
Application_control | Ivanti | 2023.3-hf2 (including) | 2023.3-hf2 (including) |
Application_control | Ivanti | 2024.1 (including) | 2024.1 (including) |
Application_control | Ivanti | 2024.1-hf1 (including) | 2024.1-hf1 (including) |
Application_control | Ivanti | 2024.3 (including) | 2024.3 (including) |