CVE-2023-35080
HIGHIvanti Secure Access Client < 22.6 - Incorrect Default Permissions
Title source: llmExploitation Summary
EIP tracks 2 public exploits for CVE-2023-35080. PoCs published by tijme, HopHouse.
AI-analyzed exploit summary This repository contains a privilege escalation exploit for CVE-2023-35080, targeting Ivanti Pulse Secure. The exploit leverages a buffer overflow vulnerability in a vulnerable IOCTL to achieve local privilege escalation.
Description
A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure.
Exploits (2)
This repository contains a privilege escalation exploit for CVE-2023-35080, targeting Ivanti Pulse Secure. The exploit leverages a buffer overflow vulnerability in a vulnerable IOCTL to achieve local privilege escalation.
This is a privilege escalation exploit for CVE-2023-35080 targeting Ivanti Pulse VPN Client. The code interacts with kernel structures to manipulate handles and achieve elevated privileges.
References (1)
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H