cbcvebase.
CVE-2024-13179
published 2025-01-14

CVE-2024-13179: Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.

Priority: P1 · 84 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 61.81% (99.1th percentile)

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.

Affected

1 range

Vendor | Product   | Version range | Fixed in
ivanti | avalanche | < 6.4.7       | 6.4.7

Detection & IOCs (extracted from sources)

  • Path Traversal vulnerability in Ivanti Avalanche before version 6.4.7 allows remote unauthenticated attackers to bypass authentication via path traversal (CWE-22, CWE-288). Monitor for anomalous path traversal sequences in HTTP requests targeting Ivanti Avalanche endpoints.
  • Vulnerability affects Ivanti Avalanche versions prior to 6.4.7. Upgrade to 6.4.7 or later to remediate. No additional configuration details or exploitation specifics were provided in the available sources.