Integer Overflow Vulnerability in WLInfoRailService Could Lead to Denial of Service and Memory Reading

CVE-2024-23531

7.5HIGH

Key Information

Vendor: Ivanti
Status: Avalanche
Vendor: CVE Published:; 19 April 2024

Summary

An Integer Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to perform denial of service attacks. In certain rare conditions this could also lead to reading content from memory.

Affected Version(s)

Avalanche < 6.4.3

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: null to: 7.5 - (HIGH)
Apr 19, 2024
Vulnerability published.
Apr 19, 2024
Vulnerability Reserved.
Jan 18, 2024

Collectors

NVD DatabaseMitre Database