Heap Overflow Vulnerability in Ivanti Avalanche Could Lead to Arbitrary Command Execution
CVE-2024-24996

9.8CRITICAL

Key Information:

Vendor

Ivanti
Status
Avalanche
Vendor
CVE Published:
19 April 2024

What is CVE-2024-24996?

A security vulnerability exists in the WLInfoRailService component of Ivanti Avalanche versions prior to 6.4.3, identified as a heap overflow issue. This vulnerability can allow unauthenticated remote attackers to execute arbitrary commands on the affected systems. Due to the nature of the vulnerability, it poses significant risks to system integrity and confidentiality, enabling attackers to manipulate system processes. Organizations using affected versions of Ivanti Avalanche are strongly advised to upgrade to version 6.4.3 or later to mitigate potential risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Avalanche 6.4.3

References

https://forums.ivanti.com/s/article/Avalanche-6-4-3-Secur...

EPSS Score

41% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

CVSS V3.0

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.