CVE-2023-46262
Published 2023-12-19
Priority: P2 · 65 · high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS: 82.85% (99.6th percentile)
An unauthenticated attacker could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | avalanche | <= 6.4.1 | — |
| ivanti | avalanche | 6.4.1 – 6.4.1 | — |
Detection & IOCs
- An unauthenticated attacker can trigger SSRF in Ivanti Avalanche Remote Control server by sending a specifically crafted web request; monitor for anomalous outbound HTTP/S requests originating from the Avalanche Remote Control server process.
- No specific crafted request payload, endpoint path, port, or other concrete IOC details were disclosed in the available sources. Detection must rely on behavioral monitoring of outbound connections from the Ivanti Avalanche Remote Control server until further technical details are published.
CVSS provenance
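| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |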
GHSA
GHSA-hj3r-2hqm-4f6w: An unauthenticated attacker could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Cont
ghsa_unreviewed · 2023-12-19
CVE-2023-46262 [HIGH] CWE-918 GHSA-hj3r-2hqm-4f6w: An unauthenticated attacker could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Cont
An unauthenticated attacker could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server.
Ivanti
Ivanti Security Advisory: CVE-2023-46262
vendor_ivanti · 2023-12-19 · CVSS 7.5
CVE-2023-46262 [HIGH] CWE-918 Ivanti Security Advisory: CVE-2023-46262
An unauthenticated attacker could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server.
CVE IDs: CVE-2023-46262
CVSS Base Score: 7.5
Severity: HIGH
CWEs: CWE-918
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-12-19: Published