A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 06 May 2025 18:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ivanti:avalanche:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Tue, 07 Jan 2025 01:15:00 +0000

Type Values Removed Values Added
First Time appeared Ivanti
Ivanti avalanche
CPEs cpe:2.3:a:ivanti:avalanche:6.4.3:*:*:*:*:*:*:*
Vendors & Products Ivanti
Ivanti avalanche
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 07 Jan 2025 00:45:00 +0000

Type Values Removed Values Added
Description A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2025-01-07T00:40:56.985Z

Reserved: 2024-02-02T01:04:07.450Z

Link: CVE-2024-24992

cve-icon Vulnrichment

Updated: 2024-08-01T23:36:21.607Z

cve-icon NVD

Status : Analyzed

Published: 2024-04-19T02:15:08.613

Modified: 2025-05-06T18:28:49.363

Link: CVE-2024-24992

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.