Ivanti Avalanche Under Attack: Out-of-Bounds Read Vulnerability Leads to DoS and RCE

CVE-2024-23532
7.5 HIGH

Key Information

Vendor
Ivanti
Status
Avalanche
Vendor
CVE Published: 19 April 2024

Summary

An out-of-bounds read vulnerability in the WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial-of-service attacks. In certain conditions, this could also lead to remote code execution.

Affected Version(s)

Avalanche < 6.4.3

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Risk change from: null to: 7.5 - (HIGH)

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD Database, Mitre Database