Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate their privileges.
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Connect_secure | Ivanti | * | 9.1 (excluding) |
Connect_secure | Ivanti | 21.9 (including) | 22.6 (excluding) |
Connect_secure | Ivanti | 9.1 (including) | 9.1 (including) |
Connect_secure | Ivanti | 22.6 (including) | 22.6 (including) |
Connect_secure | Ivanti | 22.6-r1 (including) | 22.6-r1 (including) |
Policy_secure | Ivanti | * | 9.1 (excluding) |
Policy_secure | Ivanti | 22.1 (including) | 22.7 (excluding) |
Policy_secure | Ivanti | 9.1 (including) | 9.1 (including) |
Policy_secure | Ivanti | 22.7 (including) | 22.7 (including) |