An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution.

Thanks to a Researcher at Tenable for finding and reporting.

Fixed in version 6.4.1.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 06 Mar 2025 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2025-03-06T15:46:27.791Z

Reserved: 2023-05-10T01:00:12.524Z

Link: CVE-2023-32560

cve-icon Vulnrichment

Updated: 2024-08-02T15:18:37.790Z

cve-icon NVD

Status : Modified

Published: 2023-08-10T20:15:10.200

Modified: 2025-03-06T16:15:41.303

Link: CVE-2023-32560

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.