A Heap overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to execute arbitrary commands.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 06 May 2025 19:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ivanti:avalanche:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Mon, 24 Mar 2025 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-122

Thu, 13 Mar 2025 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Ivanti
Ivanti avalanche
CPEs cpe:2.3:a:ivanti:avalanche:6.4.3:*:*:*:*:*:*:*
Vendors & Products Ivanti
Ivanti avalanche
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2025-03-24T21:08:25.157Z

Reserved: 2024-02-02T01:04:07.450Z

Link: CVE-2024-24996

cve-icon Vulnrichment

Updated: 2024-08-01T23:36:21.398Z

cve-icon NVD

Status : Analyzed

Published: 2024-04-19T02:15:09.240

Modified: 2025-05-06T19:17:31.117

Link: CVE-2024-24996

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.