cbcvebase.
CVE-2023-46263
published 2023-12-19

CVE-2023-46263: An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote…

PriorityP180critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
81.88%
99.6th percentile
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution.

Affected

2 ranges
VendorProductVersion rangeFixed in
ivantiavalanche< 6.4.26.4.2
ivantiavalanche6.4.1 – 6.4.1

Detection & IOCsextracted from sources · hover to see the quote

  • Vulnerability class is unrestricted file upload (CWE-434) in Ivanti Avalanche versions 6.4.1 and below, enabling remote code execution via upload of dangerous file types
  • ·No specific exploit payloads, file paths, network indicators, or signatures were disclosed in the available sources. Detection engineering should focus on monitoring file upload endpoints in Ivanti Avalanche for uploads of executable or script file types (e.g., .jsp, .war, .exe, .php) as a behavioral indicator.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv3.07.2HIGHCVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.