CVE-2024-23533
Published 2024-04-19
Priority P3 · 36 · medium · 6.5 CVSS 3.1
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N
EPSS: 1.37% (68.4th percentile)
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an authenticated remote attacker to read sensitive information in memory.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | avalanche | < 6.4.3.528 | 6.4.3.528 |
| ivanti | avalanche | — | — |
| ivanti | avalanche | >= 6.4.3 < 6.4.3 | 6.4.3 |
CVSS provenance
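| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v3.0 | 4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |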
GHSA
GHSA-ww6m-hg6p-rm96: An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6
ghsa_unreviewed·2024-04-19
CVE-2024-23533 [MEDIUM] CWE-125 GHSA-ww6m-hg6p-rm96: An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6
Ivanti
Ivanti Avalanche Integer Overflow (2)
vendor_ivanti·CVSS 6.5
CVE-2024-23533 [MEDIUM] Ivanti Avalanche Integer Overflow (2)
CVE IDs: CVE-2024-23533
Affected products: Avalanche
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-04-19: Published