CVE-2024-23532
published 2024-04-19

Priority: P3, 49, high
CVSS 3.1: 7.5
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.79% (75.6th percentile)

An out-of-bounds Read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. In certain conditions this could also lead to remote code execution.

Affected

3 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | avalanche | < 6.4.3.528 | 6.4.3.528 |
| ivanti | avalanche | | |
| ivanti | avalanche | >= 6.4.3 < 6.4.3 | 6.4.3 |

CVSS provenance

nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H