CVE-2024-23531
Published: 2024-04-19
Priority P3 · 44 · high · 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 2.38% (81.8th percentile)
An Integer Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to perform denial of service attacks. In certain rare conditions this could also lead to reading content from memory.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | avalanche | < 6.4.3.528 | 6.4.3.528 |
| ivanti | avalanche | — | — |
| ivanti | avalanche | >= 6.4.3 < 6.4.3 | 6.4.3 |
CVSS provenance
nvd · v3.1 · 7.5 · HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd · v3.0 · 7.5 · HIGH · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ivanti
Ivanti Avalanche Integer Overflow
vendor_ivanti·CVSS 7.5
CVE-2024-23531 [HIGH] Ivanti Avalanche Integer Overflow
CVE IDs: CVE-2024-23531
Affected products: Avalanche
GHSA
GHSA-v829-2px7-7w8w: An Integer Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6
ghsa_unreviewed·2024-04-19
CVE-2024-23531 [HIGH] CWE-190 GHSA-v829-2px7-7w8w: An Integer Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.