cbcvebase.
CVE-2024-23531
published 2024-04-19


Priority: P344 | high | 7.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 2.38% (81.8th percentile)

An Integer Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to perform denial of service attacks. In certain rare conditions this could also lead to reading content from memory.

Affected

3 ranges
Vendor   Product     Version range       Fixed in
ivanti   avalanche   < 6.4.3.528         6.4.3.528
ivanti   avalanche
ivanti   avalanche   >= 6.4.3 < 6.4.3    6.4.3

CVSS provenance

nvd   v3.1   7.5   HIGH   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd   v3.0   7.5   HIGH   CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H