CVE-2023-38041
Description
A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system.
NVD
Severity: HIGH
CVE ID: CVE-2023-38041
CVSS Score: 7.0
CVSS Metrics: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
HackerOne
Severity: HIGH
CVE ID: CVE-2023-38041
CVSS Score: 7.8
CVSS Metrics: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
ewilded
Ivanti Pulse Secure Client Connect Local Privilege Escalation CVE-2023-38041 Proof of Concept
Refrence: GitHub