cbcvebase.
CVE-2023-46262
published 2023-12-19

Priority: P2 · 65 · high · 7.5 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 82.85% (99.6th percentile)
An unauthenticated attacker could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server.

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
|--------|-----------|---------------|----------|
| ivanti | avalanche | <= 6.4.1 | |
| ivanti | avalanche | 6.4.1 – 6.4.1 | |

Detection & IOCs (extracted from sources)

  • An unauthenticated attacker can trigger SSRF in Ivanti Avalanche Remote Control server by sending a specifically crafted web request; monitor for anomalous outbound HTTP/S requests originating from the Avalanche Remote Control server process.
  • No specific crafted request payload, endpoint path, port, or other concrete IOC details were disclosed in the available sources. Detection must rely on behavioral monitoring of outbound connections from the Ivanti Avalanche Remote Control server until further technical details are published.

CVSS provenance

nvd · v3.1 · 7.5 · HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd · v3.0 · 7.5 · HIGH · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N