A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system.

When a specific component is loaded a local attacker and is able to send a specially crafted request to this component, the attacker could gain elevated privileges on the affected system.