CVE-2024-13181
Published: 2025-01-14
Priority P2 78 · critical · 9.8 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 32.44% (98.1th percentile)
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresses incomplete fixes from CVE-2024-47010.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | avalanche | < 6.4.6 | 6.4.6 |
Detection & IOCs (extracted from sources)
- Vulnerability class is Path Traversal (CWE-22) combined with Authentication Bypass (CWE-288) in Ivanti Avalanche — monitor for path traversal sequences (e.g., '../') in HTTP requests targeting Ivanti Avalanche endpoints, particularly from unauthenticated remote sources.
- This CVE is a bypass of an incomplete fix — detection logic should also account for variants of the original CVE-2024-47010 path traversal patterns, as the prior fix was insufficient.
- Only Ivanti Avalanche versions prior to 6.4.7 are vulnerable; upgrading to 6.4.7 or later remediates this issue.
Ivanti
Ivanti Security Advisory: CVE-2024-13181
vendor_ivanti · 2025-01-14 · CVSS 7.3
CVE IDs: CVE-2024-13181
CVSS Base Score: 7.3
Severity: HIGH
CWEs: CWE-22, CWE-288
GHSA
GHSA-5r6m-h6wm-64gp: Path Traversal in Ivanti Avalanche before version 6
ghsa_unreviewed · 2025-01-14 · CVSS 7.3
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.