CVE-2024-13180
Published: 2025-01-14
Priority: P2 · 60 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 27.76% (97.8th percentile)
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. This CVE addresses incomplete fixes from CVE-2024-47011.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | avalanche | < 6.4.7 | 6.4.7 |
Detection & IOCs
- Vulnerability class is Path Traversal (CWE-22) in Ivanti Avalanche before 6.4.7; detect unauthenticated HTTP requests containing path traversal sequences (e.g., '../') targeting Avalanche endpoints.
- This is a bypass/incomplete fix of CVE-2024-47011; prior detections or signatures for CVE-2024-47011 path traversal on Ivanti Avalanche should be reviewed and updated to cover additional traversal variants.
- Exploitation requires no authentication; any network-accessible Ivanti Avalanche instance below version 6.4.7 is exposed to unauthenticated path traversal and sensitive information disclosure.
Ivanti
Ivanti Security Advisory: CVE-2024-13180
vendor_ivanti · 2025-01-14 · CVSS 7.5
CVE IDs: CVE-2024-13180
CVSS Base Score: 7.5
Severity: HIGH
CWEs: CWE-22
GHSA
GHSA-pw5v-23mc-8w39: Path Traversal in Ivanti Avalanche before version 6
ghsa_unreviewed · 2025-01-14 · CVSS 7.5
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-01-14