CVE-2024-23529
Published 2024-04-19
Priority: P3 · 47 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.88% (76.9th percentile)
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | avalanche | < 6.4.3.528 | 6.4.3.528 |
| ivanti | avalanche | — | — |
| ivanti | avalanche | >= 6.4.3 < 6.4.3 | 6.4.3 |
CVSS provenance
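| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v3.0 | 5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |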
Ivanti
Ivanti Avalanche Null Pointer Dereference (3)
vendor_ivanti·CVSS 7.5
CVE-2024-23529 [HIGH] Ivanti Avalanche Null Pointer Dereference (3)
CVE IDs: CVE-2024-23529
Affected products: Avalanche
GHSA
GHSA-85c2-wjfm-h4fw: An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6
ghsa_unreviewed·2024-04-19
CVE-2024-23529 [MEDIUM] CWE-125 GHSA-85c2-wjfm-h4fw: An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-04-19
Published