CVE-2022-44574

7.5HIGH

Key Information:

Vendor: Ivanti
Status: Ivanti Avalanche
Vendor: CVE Published:; 10 March 2023

Summary

An improper authentication vulnerability exists in Avalanche version 6.3.x and below allows unauthenticated attacker to modify properties on specific port.

Affected Version(s)

Ivanti Avalanche Fixed in version 6.4.0 and above

References

https://forums.ivanti.com/s/article/Avalanche-ZDI-CAN-195...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 10, 2023
Vulnerability Reserved
Nov 1, 2022

Collectors

NVD DatabaseMitre Database