Arbitrary Command Execution Vulnerability in Ivanti Avalanche Before 6.4.3
CVE-2024-25000

8.8 HIGH

Key Information:

Vendor: Ivanti
Status: Vendor
CVE Published: 19 April 2024

Summary

A path traversal vulnerability exists in the web component of Ivanti Avalanche prior to version 6.4.3. It allows a remote authenticated attacker to execute arbitrary commands with SYSTEM privileges. Users and organizations should upgrade to the patched version to protect their systems against exploitation.

Affected Version(s)

Avalanche 6.4.3

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database