cbcvebase.
CVE-2023-38036
published 2025-07-12

CVE-2023-38036: A security vulnerability within Ivanti Avalanche Manager before version 6.4.1 may allow an unauthenticated attacker to create a buffer overflow that could…

PriorityP270critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.82%
76.0th percentile
A security vulnerability within Ivanti Avalanche Manager before version 6.4.1 may allow an unauthenticated attacker to create a buffer overflow that could result in service disruption or arbitrary code execution.

Affected

2 ranges
VendorProductVersion rangeFixed in
ivantiavalanche< 6.4.16.4.1
ivantiavalanche>= 6.4.0 < 6.4.16.4.1

Detection & IOCsextracted from sources · hover to see the quote

  • Target product is Ivanti Avalanche Manager before version 6.4.1; monitor for unauthenticated buffer overflow attempts against the Avalanche Manager service
  • ·No specific exploit payloads, network indicators, file hashes, or attack-specific signatures were disclosed in the available sources. Detection opportunities are limited to version-based identification and behavioral anomaly monitoring on the Avalanche Manager service.
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.