CVE-2023-28128
published 2023-05-09
CVE-2023-28128: An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remote…
Priority P2 · 71 · high · 7.2 CVSS 3.1
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS 84.70% (99.7th percentile)
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remote code execution.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | avalanche | <= 6.3.4.153 | — |
| ivanti | avalanche | — | — |
Detection & IOCs (extracted from sources)
- Monitor for changes to the Central FileStore configuration path in Ivanti Avalanche, specifically attempts to set the path to a web-accessible directory using MS-DOS style short names (e.g., 8.3 format paths).
- Alert on JSP file uploads to the Ivanti Avalanche web root directory, which may indicate exploitation of the unrestricted file upload vulnerability.
- Detect HTTP POST requests to the FileStoreConfig endpoint that include path traversal or short-name (8.3) style directory components pointing to the web root.
- Monitor for web shell execution (e.g., JSP process spawning cmd.exe or powershell.exe) running under NT AUTHORITY\SYSTEM in the context of the Ivanti Avalanche web server.
- The vulnerability affects Avalanche versions 6.3.x and below; the Metasploit module targets versions prior to v6.4.0.186. Ensure the patched version (6.4.0.186+) is confirmed before assuming remediation.
- Exploitation requires administrator-level access to the Avalanche management interface to change the FileStore path, so detections should account for authenticated abuse scenarios, not just unauthenticated access.
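The checks in the list above, sketched as an added example (not code from the advisory or any source cited here). The event field names, the `/example/FileStoreConfig` URI, the web root and the web server image name are constructed assumptions; map them to your own proxy, file and process telemetry.

```python
import re
from urllib.parse import parse_qsl

# One 8.3 short-name component: up to 6 chars, '~', digits, optional 3-char extension.
SHORT_NAME = re.compile(r"^[^\\/~.\s]{1,6}~\d+(\.[^\\/.\s]{1,3})?$")
SHELLS = {"cmd.exe", "powershell.exe"}

def suspicious_components(path):
    """Return the components of a Windows path that are 8.3 short names or '..'."""
    parts = [p for p in re.split(r"[\\/]+", path) if p]
    return [p for p in parts if p == ".." or SHORT_NAME.match(p)]

def review(events, web_root, web_server_image):
    """Return (reason, event) pairs; field names and arguments are assumptions."""
    root = web_root.lower().rstrip("\\") + "\\"
    findings = []
    for ev in events:
        kind = ev["type"]
        if kind == "http" and ev["method"] == "POST" and "filestoreconfig" in ev["uri"].lower():
            if any(suspicious_components(v) for _, v in parse_qsl(ev["body"])):
                findings.append(("short-name or traversal path in FileStoreConfig POST", ev))
        elif kind == "file_create":
            path = ev["path"].lower()
            if path.startswith(root) and path.endswith(".jsp"):
                findings.append(("JSP written under web root", ev))
        elif kind == "process":
            if (ev["image"].lower() in SHELLS and ev["user"].upper() == "NT AUTHORITY\\SYSTEM"
                    and ev["parent_image"].lower() == web_server_image.lower()):
                findings.append(("shell spawned by web server as SYSTEM", ev))
    return findings

# Constructed sample events (not real telemetry); paths and names are placeholders.
WEB_ROOT = r"C:\ExampleApp\webroot"
SAMPLE = [
    {"type": "http", "method": "POST", "uri": "/example/FileStoreConfig",
     "body": "path=C%3A%5CEXAMPL~1%5CWEBROO~1"},
    {"type": "http", "method": "POST", "uri": "/example/FileStoreConfig",
     "body": "path=D%3A%5Cfilestore"},
    {"type": "file_create", "path": r"C:\ExampleApp\webroot\a.jsp"},
    {"type": "file_create", "path": r"C:\ExampleApp\data\report.csv"},
    {"type": "process", "image": "cmd.exe", "parent_image": "example-web.exe",
     "user": r"NT AUTHORITY\SYSTEM"},
    {"type": "process", "image": "cmd.exe", "parent_image": "explorer.exe",
     "user": r"DESKTOP\alice"},
]

if __name__ == "__main__":
    for reason, ev in review(SAMPLE, WEB_ROOT, "example-web.exe"):
        print(reason, ev)
```

Because the FileStore path change requires an administrator session, a hit on the first check is worth triaging even when the request is fully authenticated.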
Ivanti
Ivanti Security Advisory: CVE-2023-28128
vendor_ivanti·2023-05-09·CVSS 7.2
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remote code execution.
CVE IDs: CVE-2023-28128
CVSS Base Score: 7.2
Severity: HIGH
CWEs: CWE-434
GHSA
GHSA-8mxm-mxmw-hjrg: An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6
ghsa_unreviewed·2023-05-10
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remote code execution.
No detection rules found.
No writeups or analysis indexed.
- http://packetstormsecurity.com/files/172398/Ivanti-Avalanche-FileStoreConfig-Shell-Upload.html
- https://forums.ivanti.com/s/article/ZDI-CAN-17812-Ivanti-Avalanche-FileStoreConfig-Arbitrary-File-Upload-Remote-Code-Execution-Vulnerability?language=en_US
- https://packetstorm.news/files/id/172398
Published: 2023-05-09