CVE-2022-36972
published 2023-03-29

Priority: P2 70, critical
CVSS 3.1: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 6.53% (93.0th percentile)

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15328.

Affected

2 ranges

Vendor | Product | Version range | Fixed in
ivanti | avalanche | |
ivanti | avalanche | >= 6.3.2.3490 < 6.3.4 | 6.3.4

Detection & IOCs (extracted from sources)

  • The vulnerability exists within the ProfileDaoImpl class; monitor for crafted requests targeting this class that may contain SQL injection payloads intended to bypass authentication
  • Focus detection on unauthenticated requests to Ivanti Avalanche 6.3.2.3490 endpoints that include unsanitized user-supplied strings in SQL query contexts, consistent with CWE-89 (SQL Injection) exploitation leading to authentication bypass
  • Affected version is specifically Ivanti Avalanche 6.3.2.3490; detections and mitigations should be scoped to this version
  • CVSS Base Score is 9.8 (CRITICAL) with CWE-89 (SQL Injection); prioritize patching and network-level controls for internet-exposed Avalanche instances

CVSS provenance

nvd  v3.1  9.8  CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd  v3.0  9.1  CRITICAL  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N