CVE-2024-13179
published 2025-01-14
Priority: P1 · 84 · critical · CVSS 3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 61.81% (99.1th percentile)
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | avalanche | < 6.4.7 | 6.4.7 |
Detection & IOCs (extracted from sources)
- Path Traversal vulnerability in Ivanti Avalanche before version 6.4.7 allows remote unauthenticated attackers to bypass authentication via path traversal (CWE-22, CWE-288). Monitor for anomalous path traversal sequences in HTTP requests targeting Ivanti Avalanche endpoints.
- Vulnerability affects Ivanti Avalanche versions prior to 6.4.7. Upgrade to 6.4.7 or later to remediate. No additional configuration details or exploitation specifics were provided in the available sources.
Ivanti
Ivanti Security Advisory: CVE-2024-13179
vendor_ivanti · 2025-01-14 · CVSS 7.3
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.
CVE IDs: CVE-2024-13179
CVSS Base Score: 7.3
Severity: HIGH
CWEs: CWE-22, CWE-288
GHSA
GHSA-cvcj-c937-q8wf: Path Traversal in Ivanti Avalanche before version 6
ghsa_unreviewed · 2025-01-14
CVE-2024-13179 [HIGH] CWE-22 GHSA-cvcj-c937-q8wf: Path Traversal in Ivanti Avalanche before version 6
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-01-14