CVE-2024-29211

low-risk
Published 2024-11-13

A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files.

Do I need to act?

-
0.18% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.7/10 Medium
LOCAL / HIGH complexity

Affected Products (5)

Secure Access Client
Secure Access Client
Secure Access Client
Secure Access Client
Secure Access Client

Affected Vendors

Ivanti

References (1)

Vendor Advisory https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-...
25
/ 100
low-risk
Severity 12/34 · Low
Exploitability 1/34 · Minimal
Exposure 12/34 · Low