Arbitrary Command Execution Vulnerability in Ivanti Avalanche Before 6.4.3
CVE-2024-24992

8.8HIGH

Key Information:

Vendor: Ivanti
Status: Avalanche
Vendor: CVE Published:; 19 April 2024

Summary

A Path Traversal vulnerability exists within the web component of Ivanti Avalanche versions prior to 6.4.3, which allows remote authenticated attackers to exploit the system by executing arbitrary commands with SYSTEM privileges. This vulnerability poses significant security risks as it could enable unauthorized access and control over the affected systems.

Affected Version(s)

Avalanche 6.4.3

References

ZDI-CAN-22854https://forums.ivanti.com/s/article/Avalanch...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 19, 2024
Vulnerability Reserved
Feb 2, 2024

Collectors

NVD DatabaseMitre Database