CVE-2023-28126
published 2023-05-09CVE-2023-28126: An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser…
PriorityP355medium5.9CVSS 3.1
AVNACHPRNUINSUCHINAN
EPSS
66.66%
99.2th percentile
An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or can exploit the Race Condition in the authentication message.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | avalanche | <= 6.3.4.153 | — |
| ivanti | avalanche | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for exploitation of the SetUser method in Avalanche versions 6.3.x and below, which may indicate an authentication bypass attempt ↗
- ·Vulnerability affects Avalanche versions 6.3.x and below; patch or upgrade beyond 6.3.x to remediate ↗
- ·Two distinct attack vectors exist: abuse of the SetUser method and a race condition in the authentication message flow (CWE-305, CWE-362) ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-9mhq-xcrq-xc75: An authentication bypass vulnerability exists in Avalanche versions 6
ghsa_unreviewed·2023-05-10
CVE-2023-28126 [MEDIUM] CWE-305 GHSA-9mhq-xcrq-xc75: An authentication bypass vulnerability exists in Avalanche versions 6
An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or can exploit the Race Condition in the authentication message.
Ivanti
Ivanti Security Advisory: CVE-2023-28126
vendor_ivanti·2023-05-09·CVSS 5.9
CVE-2023-28126 [MEDIUM] CWE-305 Ivanti Security Advisory: CVE-2023-28126
Ivanti Security Advisory: CVE-2023-28126
An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or can exploit the Race Condition in the authentication message.
CVE IDs: CVE-2023-28126
CVSS Base Score: 5.9
Severity: MEDIUM
CWEs: CWE-305, CWE-362
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://forums.ivanti.com/s/article/ZDI-CAN-17750-Ivanti-Avalanche-EnterpriseServer-GetSettings-Exposed-Dangerous-Method-Authentication-Bypass-Vulnerability?language=en_UShttps://forums.ivanti.com/s/article/ZDI-CAN-17750-Ivanti-Avalanche-EnterpriseServer-GetSettings-Exposed-Dangerous-Method-Authentication-Bypass-Vulnerability?language=en_US
2023-05-09
Published