CVE-2023-46263
Published: 2023-12-19
Priority: P1 80, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 81.88% (99.6th percentile)
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | avalanche | < 6.4.2 | 6.4.2 |
| ivanti | avalanche | 6.4.1 – 6.4.1 | — |
Detection & IOCs
- Vulnerability class is unrestricted file upload (CWE-434) in Ivanti Avalanche versions 6.4.1 and below, enabling remote code execution via upload of dangerous file types.
- No specific exploit payloads, file paths, network indicators, or signatures were disclosed in the available sources. Detection engineering should focus on monitoring file upload endpoints in Ivanti Avalanche for uploads of executable or script file types (e.g., .jsp, .war, .exe, .php) as a behavioral indicator.
CVSS provenance
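| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 7.2 | HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |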
GHSA
GHSA-3q3v-9mp5-cqff: An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6
ghsa_unreviewed·2023-12-19
CVE-2023-46263 [HIGH] CWE-434 GHSA-3q3v-9mp5-cqff: An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6
Ivanti
Ivanti Security Advisory: CVE-2023-46263
vendor_ivanti·2023-12-19·CVSS 9.8
CVE-2023-46263 [CRITICAL] CWE-434 Ivanti Security Advisory: CVE-2023-46263
CVE IDs: CVE-2023-46263
CVSS Base Score: 9.8
Severity: CRITICAL
CWEs: CWE-434
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-12-19