Cyber Resilience

CVE-2024-13813

HighLPE

Published: 11 February 2025

Published
11 February 2025
Modified
20 February 2025
KEV Added
Patch
CVSS Score v3.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS Score 0.0023 45.6th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-13813 is a high-severity Incorrect Permission Assignment for Critical Resource (CWE-732) vulnerability in Ivanti Secure Access Client. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data Destruction (T1485); ranked at the 45.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2024-13813 is an insufficient permissions vulnerability (CWE-732) affecting Ivanti Secure Access Client in versions before 22.8R1. The issue stems from inadequate access controls that enable unauthorized file operations. It carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H) and was published on 2025-02-11.

A local authenticated attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction. Exploitation allows deletion of arbitrary files on the system, resulting in high integrity and availability impacts, such as data loss or service disruption, though confidentiality remains unaffected.

Ivanti's February Security Advisory covers this CVE alongside others in Ivanti Connect Secure, Policy Secure, and Secure Access Client, recommending an upgrade to version 22.8R1 or later to mitigate the issue. Full details are available at https://forums.ivanti.com/s/article/February-Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-and-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs.

EU & UK References

Vulnerability details

Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1485 Data Destruction Impact
Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources.
Why these techniques?

Arbitrary file deletion by low-priv local attacker directly enables data destruction (T1485) with high integrity/availability impact.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-22454Same product: Ivanti Secure Access Client
CVE-2026-8110Same vendor: Ivanti
CVE-2026-8992Same product: Ivanti Secure Access Client
CVE-2026-7432Same product: Ivanti Secure Access Client
CVE-2024-13171Same vendor: Ivanti
CVE-2024-13164Same vendor: Ivanti
CVE-2024-13180Same vendor: Ivanti
CVE-2024-13172Same vendor: Ivanti
CVE-2024-13167Same vendor: Ivanti
CVE-2026-5788Same vendor: Ivanti

Affected Assets

ivanti
secure access client
≤ 22.8

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces least privilege principle to restrict low-privilege local users from deleting arbitrary files beyond their authorized scope.

prevent

Requires the system to enforce approved authorizations, directly mitigating insufficient permissions that allow unauthorized file deletions.

prevent

Implements a tamper-proof reference monitor to mediate and enforce all access control decisions for file operations, preventing exploitation of permission flaws.

References