CVE-2024-13813

HighLPE

Published: 11 February 2025

Published

11 February 2025

Modified

20 February 2025

KEV Added

—

Patch

—

CVSS Score 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

EPSS Score 0.0017 37.4th percentile

Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-13813 is a high-severity Incorrect Permission Assignment for Critical Resource (CWE-732) vulnerability in Ivanti Secure Access Client. Its CVSS base score is 7.1 (High).

Operationally, ranked at the 37.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-6 Least Privilege good match

prevent

Enforces least privilege principle to restrict low-privilege local users from deleting arbitrary files beyond their authorized scope.

AC-3 Access Enforcement good match

prevent

Requires the system to enforce approved authorizations, directly mitigating insufficient permissions that allow unauthorized file deletions.

AC-25 Reference Monitor good match

prevent

Implements a tamper-proof reference monitor to mediate and enforce all access control decisions for file operations, preventing exploitation of permission flaws.

NVD Description

Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files.

Deeper analysisAI

CVE-2024-13813 is an insufficient permissions vulnerability (CWE-732) affecting Ivanti Secure Access Client in versions before 22.8R1. The issue stems from inadequate access controls that enable unauthorized file operations. It carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H) and was published on 2025-02-11.

A local authenticated attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction. Exploitation allows deletion of arbitrary files on the system, resulting in high integrity and availability impacts, such as data loss or service disruption, though confidentiality remains unaffected.

Ivanti's February Security Advisory covers this CVE alongside others in Ivanti Connect Secure, Policy Secure, and Secure Access Client, recommending an upgrade to version 22.8R1 or later to mitigate the issue. Full details are available at https://forums.ivanti.com/s/article/February-Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-and-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs.

Details

CWE(s): CWE-732

Affected Products

ivanti

secure access client

≤ 22.8

CVEs Like This One

CVE-2025-22454Same product: Ivanti Secure Access Client

CVE-2025-9872Same vendor: Ivanti

CVE-2025-9712Same vendor: Ivanti

CVE-2026-5786Same vendor: Ivanti

CVE-2026-6973Same vendor: Ivanti

CVE-2025-55142Same vendor: Ivanti

CVE-2024-47908Same vendor: Ivanti

CVE-2024-13167Same vendor: Ivanti

CVE-2024-13181Same vendor: Ivanti

CVE-2024-13169Same vendor: Ivanti

References

https://forums.ivanti.com/s/article/February-Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-and-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs
Vendor Advisory · 3c1d8aa1-5a33-4ea4-8992-aadd6440af75