cvelistv5 - cve-2023-34298

CVE-2023-34298 (GCVE-0-2023-34298)

Vulnerability from cvelistv5 – Published: 2024-05-03 01:57 – Updated: 2024-08-02 16:10

Summary

Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Pulse Secure Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within SetupService. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service. Was ZDI-CAN-17687.

Severity ?

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

zdi

References

URL

Tags

https://www.zerodayinitiative.com/advisories/ZDI-…

x_research-advisory

Impacted products

	Vendor	Product	Version
	Pulse Secure	Client	Affected: 9.1r15

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:pulsesecure:client:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "client",
            "vendor": "pulsesecure",
            "versions": [
              {
                "lessThanOrEqual": "9.1r15",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-34298",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-05T20:19:02.957747Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-05T20:38:23.764Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "url": "https://forums.ivanti.com/s/article/CVE-2023-34298-Ivanti-Secure-Access-Client-local-privilege-escalation?language=en_US"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:10:06.390Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ZDI-23-858",
            "tags": [
              "x_research-advisory",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-858/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Client",
          "vendor": "Pulse Secure",
          "versions": [
            {
              "status": "affected",
              "version": "9.1r15"
            }
          ]
        }
      ],
      "dateAssigned": "2023-05-31T15:02:02.176-05:00",
      "datePublic": "2023-06-14T17:25:03.118-05:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Pulse Secure Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within SetupService. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service. Was ZDI-CAN-17687."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-03T01:57:22.109Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-23-858",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-858/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "Anonymous"
      },
      "title": "Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2023-34298",
    "datePublished": "2024-05-03T01:57:22.109Z",
    "dateReserved": "2023-05-31T19:51:08.224Z",
    "dateUpdated": "2024-08-02T16:10:06.390Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Pulse Secure Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\\n\\nThe specific flaw exists within SetupService. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service. Was ZDI-CAN-17687.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de escalada de privilegios locales Directory Traversal de servicios de configuraci\\u00f3n segura del cliente Pulse. Esta vulnerabilidad permite a atacantes locales escalar privilegios en las instalaciones afectadas de Pulse Secure Client. Un atacante primero debe obtener la capacidad de ejecutar c\\u00f3digo con pocos privilegios en el sistema de destino para poder aprovechar esta vulnerabilidad. La falla espec\\u00edfica existe dentro de SetupService. El problema se debe a la falta de validaci\\u00f3n adecuada de una ruta proporcionada por el usuario antes de usarla en operaciones de archivos. Un atacante puede aprovechar esta vulnerabilidad para escalar privilegios y ejecutar c\\u00f3digo arbitrario en el contexto del servicio. Era ZDI-CAN-17687.\"}]",
      "id": "CVE-2023-34298",
      "lastModified": "2024-11-21T08:06:57.667",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"zdi-disclosures@trendmicro.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}]}",
      "published": "2024-05-03T02:15:30.500",
      "references": "[{\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-23-858/\", \"source\": \"zdi-disclosures@trendmicro.com\"}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-23-858/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://forums.ivanti.com/s/article/CVE-2023-34298-Ivanti-Secure-Access-Client-local-privilege-escalation?language=en_US\", \"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]",
      "sourceIdentifier": "zdi-disclosures@trendmicro.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"zdi-disclosures@trendmicro.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-34298\",\"sourceIdentifier\":\"zdi-disclosures@trendmicro.com\",\"published\":\"2024-05-03T02:15:30.500\",\"lastModified\":\"2025-08-13T12:23:38.660\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Pulse Secure Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\\n\\nThe specific flaw exists within SetupService. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service. Was ZDI-CAN-17687.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de escalada de privilegios locales Directory Traversal de servicios de configuraci\u00f3n segura del cliente Pulse. Esta vulnerabilidad permite a atacantes locales escalar privilegios en las instalaciones afectadas de Pulse Secure Client. Un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder aprovechar esta vulnerabilidad. La falla espec\u00edfica existe dentro de SetupService. El problema se debe a la falta de validaci\u00f3n adecuada de una ruta proporcionada por el usuario antes de usarla en operaciones de archivos. Un atacante puede aprovechar esta vulnerabilidad para escalar privilegios y ejecutar c\u00f3digo arbitrario en el contexto del servicio. Era ZDI-CAN-17687.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"zdi-disclosures@trendmicro.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"zdi-disclosures@trendmicro.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:pulse_secure_desktop_client:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.1\",\"matchCriteriaId\":\"85545CE7-42E2-4A38-B994-A942E5A112E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:pulse_secure_desktop_client:9.1:r15:*:*:*:*:*:*\",\"matchCriteriaId\":\"5782F4DE-C3DF-48BB-929A-3DDE7979FA5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:pulse_secure_installer_service:9.1:r18.23345:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA214360-6D76-464B-A98C-E090B0FCAA0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:pulse_secure_installer_service:22.4.1439:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0AFFB9F-9ED3-4952-8427-87CBA889C662\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:secure_access_client:22.2:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D665F77-7241-41C9-AC24-DD429AC5D37D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:secure_access_client:22.3:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D2EA68A-7006-40D0-AA64-179847B806BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:secure_access_client:22.3:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEA2E51B-4A95-4A3F-A273-34C3CC0328A2\"}]}]}],\"references\":[{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-23-858/\",\"source\":\"zdi-disclosures@trendmicro.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-23-858/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://forums.ivanti.com/s/article/CVE-2023-34298-Ivanti-Secure-Access-Client-local-privilege-escalation?language=en_US\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-23-858/\", \"name\": \"ZDI-23-858\", \"tags\": [\"x_research-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T16:10:06.390Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-34298\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-05T20:19:02.957747Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:pulsesecure:client:*:*:*:*:*:*:*:*\"], \"vendor\": \"pulsesecure\", \"product\": \"client\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.1r15\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://forums.ivanti.com/s/article/CVE-2023-34298-Ivanti-Secure-Access-Client-local-privilege-escalation?language=en_US\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-05T20:38:04.047Z\"}}], \"cna\": {\"title\": \"Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability\", \"source\": {\"lang\": \"en\", \"value\": \"Anonymous\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\"}}], \"affected\": [{\"vendor\": \"Pulse Secure\", \"product\": \"Client\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.1r15\"}], \"defaultStatus\": \"unknown\"}], \"datePublic\": \"2023-06-14T17:25:03.118-05:00\", \"references\": [{\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-23-858/\", \"name\": \"ZDI-23-858\", \"tags\": [\"x_research-advisory\"]}], \"dateAssigned\": \"2023-05-31T15:02:02.176-05:00\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Pulse Secure Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\\n\\nThe specific flaw exists within SetupService. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service. Was ZDI-CAN-17687.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"99f1926a-a320-47d8-bbb5-42feb611262e\", \"shortName\": \"zdi\", \"dateUpdated\": \"2024-05-03T01:57:22.109Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-34298\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T16:10:06.390Z\", \"dateReserved\": \"2023-05-31T19:51:08.224Z\", \"assignerOrgId\": \"99f1926a-a320-47d8-bbb5-42feb611262e\", \"datePublished\": \"2024-05-03T01:57:22.109Z\", \"assignerShortName\": \"zdi\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-JF2J-R53V-M3V2

Vulnerability from github – Published: 2024-05-03 03:30 – Updated: 2025-08-13 12:31

Details

The specific flaw exists within SetupService. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service. Was ZDI-CAN-17687.

Severity ?

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-34298"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-03T02:15:30Z",
    "severity": "HIGH"
  },
  "details": "Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Pulse Secure Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within SetupService. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service. Was ZDI-CAN-17687.",
  "id": "GHSA-jf2j-r53v-m3v2",
  "modified": "2025-08-13T12:31:29Z",
  "published": "2024-05-03T03:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34298"
    },
    {
      "type": "WEB",
      "url": "https://forums.ivanti.com/s/article/CVE-2023-34298-Ivanti-Secure-Access-Client-local-privilege-escalation?language=en_US"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-858"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2023-34298

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2023-34298

Aliases

CVE-2023-34298

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-34298",
    "id": "GSD-2023-34298"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-34298"
      ],
      "id": "GSD-2023-34298",
      "modified": "2023-12-13T01:20:30.769565Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2023-34298",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

FKIE_CVE-2023-34298

Vulnerability from fkie_nvd - Published: 2024-05-03 02:15 - Updated: 2025-08-13 12:23

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
zdi-disclosures@trendmicro.com	https://www.zerodayinitiative.com/advisories/ZDI-23-858/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-23-858/	Third Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://forums.ivanti.com/s/article/CVE-2023-34298-Ivanti-Secure-Access-Client-local-privilege-escalation?language=en_US	Vendor Advisory

Impacted products

Vendor	Product	Version
ivanti	pulse_secure_desktop_client	*
ivanti	pulse_secure_desktop_client	9.1
ivanti	pulse_secure_installer_service	9.1
ivanti	pulse_secure_installer_service	22.4.1439
ivanti	secure_access_client	22.2
ivanti	secure_access_client	22.3
ivanti	secure_access_client	22.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:pulse_secure_desktop_client:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "85545CE7-42E2-4A38-B994-A942E5A112E9",
              "versionEndExcluding": "9.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:pulse_secure_desktop_client:9.1:r15:*:*:*:*:*:*",
              "matchCriteriaId": "5782F4DE-C3DF-48BB-929A-3DDE7979FA5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:pulse_secure_installer_service:9.1:r18.23345:*:*:*:*:*:*",
              "matchCriteriaId": "FA214360-6D76-464B-A98C-E090B0FCAA0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:pulse_secure_installer_service:22.4.1439:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0AFFB9F-9ED3-4952-8427-87CBA889C662",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.2:r1:*:*:*:*:*:*",
              "matchCriteriaId": "6D665F77-7241-41C9-AC24-DD429AC5D37D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.3:r1:*:*:*:*:*:*",
              "matchCriteriaId": "3D2EA68A-7006-40D0-AA64-179847B806BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.3:r2:*:*:*:*:*:*",
              "matchCriteriaId": "AEA2E51B-4A95-4A3F-A273-34C3CC0328A2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Pulse Secure Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within SetupService. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service. Was ZDI-CAN-17687."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de escalada de privilegios locales Directory Traversal de servicios de configuraci\u00f3n segura del cliente Pulse. Esta vulnerabilidad permite a atacantes locales escalar privilegios en las instalaciones afectadas de Pulse Secure Client. Un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder aprovechar esta vulnerabilidad. La falla espec\u00edfica existe dentro de SetupService. El problema se debe a la falta de validaci\u00f3n adecuada de una ruta proporcionada por el usuario antes de usarla en operaciones de archivos. Un atacante puede aprovechar esta vulnerabilidad para escalar privilegios y ejecutar c\u00f3digo arbitrario en el contexto del servicio. Era ZDI-CAN-17687."
    }
  ],
  "id": "CVE-2023-34298",
  "lastModified": "2025-08-13T12:23:38.660",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "zdi-disclosures@trendmicro.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-05-03T02:15:30.500",
  "references": [
    {
      "source": "zdi-disclosures@trendmicro.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-858/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-858/"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://forums.ivanti.com/s/article/CVE-2023-34298-Ivanti-Secure-Access-Client-local-privilege-escalation?language=en_US"
    }
  ],
  "sourceIdentifier": "zdi-disclosures@trendmicro.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "zdi-disclosures@trendmicro.com",
      "type": "Secondary"
    }
  ]
}

CERTFR-2023-AVI-0492

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans les produits Ivanti. Elle permet à un attaquant de provoquer une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Ivanti	N/A	Pulse Secure Desktop Client versions 9.1R15 et antérieures (correctif prévu pour juillet 2023)
Ivanti	N/A	Ivanti Secure Access Client versions antérieures à 22.3R3
Ivanti	N/A	Pulse Secure Installer Service versions antérieures à 9.1R18.23795

References

Title

Publication Time

Tags

Bulletin de sécurité Ivanti CVE-2023-34298 du 22 juin 2023

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Pulse Secure Desktop Client versions 9.1R15 et ant\u00e9rieures (correctif pr\u00e9vu pour juillet 2023)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Ivanti",
          "scada": false
        }
      }
    },
    {
      "description": "Ivanti Secure Access Client versions ant\u00e9rieures \u00e0 22.3R3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Ivanti",
          "scada": false
        }
      }
    },
    {
      "description": "Pulse Secure Installer Service versions ant\u00e9rieures \u00e0 9.1R18.23795",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Ivanti",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-34298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34298"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0492",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-06-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Ivanti. Elle permet\n\u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits Ivanti",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ivanti CVE-2023-34298 du 22 juin 2023",
      "url": "https://forums.ivanti.com/s/article/CVE-2023-34298-Ivanti-Secure-Access-Client-local-privilege-escalation"
    }
  ]
}

CERTFR-2023-AVI-0492

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans les produits Ivanti. Elle permet à un attaquant de provoquer une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Ivanti	N/A	Pulse Secure Desktop Client versions 9.1R15 et antérieures (correctif prévu pour juillet 2023)
Ivanti	N/A	Ivanti Secure Access Client versions antérieures à 22.3R3
Ivanti	N/A	Pulse Secure Installer Service versions antérieures à 9.1R18.23795

References

Title

Publication Time

Tags

Bulletin de sécurité Ivanti CVE-2023-34298 du 22 juin 2023

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Pulse Secure Desktop Client versions 9.1R15 et ant\u00e9rieures (correctif pr\u00e9vu pour juillet 2023)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Ivanti",
          "scada": false
        }
      }
    },
    {
      "description": "Ivanti Secure Access Client versions ant\u00e9rieures \u00e0 22.3R3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Ivanti",
          "scada": false
        }
      }
    },
    {
      "description": "Pulse Secure Installer Service versions ant\u00e9rieures \u00e0 9.1R18.23795",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Ivanti",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-34298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34298"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0492",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-06-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Ivanti. Elle permet\n\u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits Ivanti",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ivanti CVE-2023-34298 du 22 juin 2023",
      "url": "https://forums.ivanti.com/s/article/CVE-2023-34298-Ivanti-Secure-Access-Client-local-privilege-escalation"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-34298 (GCVE-0-2023-34298)

GHSA-JF2J-R53V-M3V2

GSD-2023-34298

FKIE_CVE-2023-34298

CERTFR-2023-AVI-0492

Solution

CERTFR-2023-AVI-0492

Solution

Tags

Sightings

Nomenclature