CVE-2024-23532

CVSS 7.5 HIGHEPSS 1.8%CWE-125

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.5EPSS 1.8%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

19 Apr 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

An out-of-bounds Read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. In certain conditions this could also lead to remote code execution.

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Ivanti · Avalanche

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed?language=en_US