Remote Unauth DoS Vulnerability in Ivanti Avalanche 6.3.1
CVE-2024-37399

7.5HIGH

Key Information:

Vendor: Ivanti
Status: Avalanche
Vendor: CVE Published:; 14 August 2024

Summary

A vulnerability exists in the WLAvalancheService within Ivanti Avalanche version 6.3.1, where a NULL pointer dereference can be exploited by remote unauthenticated attackers. This flaw can lead to the unintentional crashing of the service, thereby affecting its stability. The potential for denial of service presents a significant concern for organizations relying on Ivanti Avalanche for effective management and security of their mobile and device infrastructures.

Affected Version(s)

Avalanche 6.4.4

References

https://forums.ivanti.com/s/article/Security-Advisory-Iva...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 14, 2024
Vulnerability Reserved
Jun 8, 2024