Ivanti Workspace Control before 10.3.180.0 Incorrect Default Permissions Vulnerability

Summary

A locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences. As a result, the attacker can start applications that should be blocked.

Credit:

The information has been provided by Vendor

The original article can be found at:https://forums.ivanti.com/s/article/Locally-authenticated-user-can-bypass-File-and-Folder-Security-by-leveraging-an-unspecified-attack-vector


Details

In Ivanti Workspace Control before 10.3.180.0. a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enabled. As a result, the attacker can start applications that should be blocked.

 

Vulnerable Systems:

Ivanti Workspace Control before 10.3.180.0

 

CVE Information:

CVE-2019-19675

 

Disclosure Timeline:
Published Date:12/17/2019

Categories: News