Skip to main content

Breaking cybersecurity news

Vulnerability database

EU vulnerability data

Hands-on web security training

Security incidents database

Knowledge library

Analytics & trends

Follow us

Professional cybersecurity intelligence

Breaking cybersecurity news

Vulnerability database

EU vulnerability data

Hands-on web security training

Security incidents database

Knowledge library

Analytics & trends

Follow us

About Sources Sponsored Articles Status Legal Terms

v2.3.3•© 2026

Telegram Bluesky GitHub Contact

Return to CVE list

CVE-2023-38041

CVE-2023-38041

7.0

High

Published:25 Oct 2023

Last updated:17 Jun 2026

Source:support@hackerone.com

Modified

Weakness (CWE)

CWE-367CWE-367

CVSS Vector

v3.1

Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

View on MITRE Find PoC on GitHub

Description

A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system.

References

support@hackerone.com

https://forums.ivanti.com/s/article/CVE-2023-38041-New-client-side-release-to-address-a-privilege-escalation-on-Windows-user-machines?language=en_US

af854a3a-2127-422b-91ae-364da2661108

https://forums.ivanti.com/s/article/CVE-2023-38041-New-client-side-release-to-address-a-privilege-escalation-on-Windows-user-machines?language=en_US