CVE-2023-38036
published 2025-07-12CVE-2023-38036: A security vulnerability within Ivanti Avalanche Manager before version 6.4.1 may allow an unauthenticated attacker to create a buffer overflow that could…
PriorityP270critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.82%
76.0th percentile
A security vulnerability within Ivanti Avalanche Manager before version 6.4.1 may allow an unauthenticated attacker to create a buffer overflow that could result in service disruption or arbitrary code execution.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | avalanche | < 6.4.1 | 6.4.1 |
| ivanti | avalanche | >= 6.4.0 < 6.4.1 | 6.4.1 |
Detection & IOCsextracted from sources · hover to see the quote
- →Target product is Ivanti Avalanche Manager before version 6.4.1; monitor for unauthenticated buffer overflow attempts against the Avalanche Manager service ↗
- ·No specific exploit payloads, network indicators, file hashes, or attack-specific signatures were disclosed in the available sources. Detection opportunities are limited to version-based identification and behavioral anomaly monitoring on the Avalanche Manager service. ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-rmcg-3298-c99g: A security vulnerability within Ivanti Avalanche Manager before version 6
ghsa_unreviewed·2025-07-12
CVE-2023-38036 [CRITICAL] CWE-120 GHSA-rmcg-3298-c99g: A security vulnerability within Ivanti Avalanche Manager before version 6
A security vulnerability within Ivanti Avalanche Manager before version 6.4.1 may allow an unauthenticated attacker to create a buffer overflow that could result in service disruption or arbitrary code execution.
Ivanti
Ivanti Security Advisory: CVE-2023-38036
vendor_ivanti·2025-07-12·CVSS 9.8
CVE-2023-38036 [CRITICAL] CWE-120 Ivanti Security Advisory: CVE-2023-38036
Ivanti Security Advisory: CVE-2023-38036
A security vulnerability within Ivanti Avalanche Manager before version 6.4.1 may allow an unauthenticated attacker to create a buffer overflow that could result in service disruption or arbitrary code execution.
CVE IDs: CVE-2023-38036
CVSS Base Score: 9.8
Severity: CRITICAL
CWEs: CWE-120
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-07-12
Published