CVE-2024-23527
Published 2024-04-25
Priority P347 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.99% (78.1th percentile)
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | avalanche | < 6.4.3.528 | 6.4.3.528 |
| ivanti | avalanche | — | — |
| ivanti | avalanche | >= 6.4.3 < 6.4.3 | 6.4.3 |
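CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | 3.0 | 5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |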
Ivanti
Ivanti Avalanche Null Pointer Dereference
vendor_ivanti·CVSS 7.5
CVE-2024-23527 [HIGH] Ivanti Avalanche Null Pointer Dereference
CVE IDs: CVE-2024-23527
Affected products: Avalanche
GHSA
GHSA-8v44-wj8x-wh72: An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6
ghsa_unreviewed·2024-04-25
CVE-2024-23527 [MEDIUM] CWE-125 GHSA-8v44-wj8x-wh72: An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.