Denial of Service Vulnerability in Ivanti Avalanche by Ivanti
CVE-2024-50319

7.5HIGH

Key Information:

Vendor: Ivanti
Status: Avalanche
Vendor: CVE Published:; 12 November 2024

Summary

An infinite loop vulnerability has been identified in Ivanti Avalanche prior to version 6.4.6, which could allow a remote unauthenticated attacker to initiate a denial of service. By exploiting this flaw, attackers may disrupt the service availability of the product, leading to potential downtime and operational issues. It is crucial for organizations using Ivanti Avalanche to apply the latest updates to mitigate the risks posed by this vulnerability and ensure the stability of their systems.

References

https://forums.ivanti.com/s/article/Security-Advisory-Iva...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2024