Remotely Exploitable Path Traversal Vulnerability in Ivanti Avalanche Before Version 6.4.5
CVE-2024-47009

9.8CRITICAL

Key Information:

Vendor: Ivanti
Status: Avalanche
Vendor: CVE Published:; 8 October 2024

What is CVE-2024-47009?

A significant vulnerability exists in Ivanti Avalanche versions prior to 6.4.5, characterized as a path traversal flaw. This vulnerability enables remote unauthenticated attackers to exploit the system, allowing them to bypass authentication mechanisms. This breach can potentially lead to unauthorized access to sensitive data and system functionalities, emphasizing the critical need for users to update to the latest version to mitigate associated risks.

Affected Version(s)

Avalanche 6.4.5

References

https://forums.ivanti.com/s/article/Ivanti-Avalanche-6-4-...

EPSS Score

13% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 8, 2024
Vulnerability Reserved
Sep 16, 2024