CVE-2024-23532
Published 2024-04-19
CVE-2024-23532: An out-of-bounds Read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial…
Priority P349 · high · 7.5 CVSS 3.1
AV:N / AC:H / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.79% (75.6th percentile)
An out-of-bounds Read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. In certain conditions this could also lead to remote code execution.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | avalanche | < 6.4.3.528 | 6.4.3.528 |
| ivanti | avalanche | — | — |
| ivanti | avalanche | >= 6.4.3 < 6.4.3 | 6.4.3 |
CVSS provenance
nvd · v3.1 · 7.5 · HIGH · CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd · v3.0 · 7.5 · HIGH · CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
GHSA
GHSA-7ghv-4mjc-99wp: An out-of-bounds Read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6
ghsa_unreviewed·2024-04-19
CVE-2024-23532 [HIGH] CWE-125 GHSA-7ghv-4mjc-99wp: An out-of-bounds Read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6
Ivanti
Ivanti Avalanche Out-of-Bounds Read
vendor_ivanti·CVSS 7.5
CVE-2024-23532 [HIGH] Ivanti Avalanche Out-of-Bounds Read
CVE IDs: CVE-2024-23532
Affected products: Avalanche
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-04-19