CVE-2021-42126
Published: 2021-12-07
CVE-2021-42126: An improper authorization control vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform…
Priority P354 · high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.87% (88.9th percentile)
An improper authorization control vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | avalanche | < 6.3.3 | 6.3.3 |
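CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |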
Ivanti
Ivanti Security Advisory: CVE-2021-42126
vendor_ivanti·2021-12-07·CVSS 8.8
CVE-2021-42126 [HIGH] CWE-285 Ivanti Security Advisory: CVE-2021-42126
An improper authorization control vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.
CVE IDs: CVE-2021-42126
CVSS Base Score: 8.8
Severity: HIGH
CWEs: CWE-285
GHSA
GHSA-mgfp-f8w4-cfpf: An improper authorization control vulnerability exists in Ivanti Avalanche before 6
ghsa_unreviewed·2021-12-08
CVE-2021-42126 [HIGH] CWE-863 GHSA-mgfp-f8w4-cfpf: An improper authorization control vulnerability exists in Ivanti Avalanche before 6
An improper authorization control vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Timeline: 2021-12-07 Published