vulnerability

Ivanti Secure Access Client: CVE-2023-38041: Time-of-check Time-of-use (TOCTOU) Race Condition

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:S/C:C/I:C/A:C)	Oct 19, 2023	Oct 9, 2025	Oct 9, 2025

Severity

CVSS

(AV:L/AC:L/Au:S/C:C/I:C/A:C)

Published

Oct 19, 2023

Added

Oct 9, 2025

Modified

Oct 9, 2025

Description

A vulnerability exists on all versions of the Ivanti Secure Access Client Below 22.6R1 that would allow an unprivileged local user to gain unauthorized elevated privileges on the affected system.

Solution

ivanti-secure-access-client-upgrade-latest

References

URL-https://forums.ivanti.com/s/article/CVE-2023-38041-New-client-side-release-to-address-a-privilege-escalation-on-Windows-user-machines?language=en_US
CVE-2023-38041
https://attackerkb.com/topics/CVE-2023-38041
CWE-367

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today