An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 06 May 2025 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


Thu, 19 Sep 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Ivanti
Ivanti avalanche
CPEs cpe:2.3:a:ivanti:avalanche:*:*:*:*:*:*:*:*
Vendors & Products Ivanti
Ivanti avalanche
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2024-09-19T05:08:34.779Z

Reserved: 2024-03-21T01:04:07.089Z

Link: CVE-2024-29848

cve-icon Vulnrichment

Updated: 2024-09-19T05:08:34.779Z

cve-icon NVD

Status : Analyzed

Published: 2024-05-31T18:15:12.727

Modified: 2025-05-06T14:43:00.593

Link: CVE-2024-29848

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.