CVE-2024-24996
Published 2024-04-19
Priority: P277 | critical | 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 32.24% (98.1th percentile)
A Heap overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to execute arbitrary commands.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | avalanche | < 6.4.3.528 | 6.4.3.528 |
| ivanti | avalanche | — | — |
| ivanti | avalanche | >= 6.4.3 < 6.4.3 | 6.4.3 |
Detection & IOCs (extracted from sources)
- CVE-2024-24996 targets the WLInfoRailService component of Ivanti Avalanche; detect exploitation attempts against this service on vulnerable Avalanche versions prior to 6.4.3.
- The attack vector is unauthenticated and remote, with low complexity and no user interaction required; prioritize network-level detection for anomalous unauthenticated connections to the WLInfoRailService component.
- Only Ivanti Avalanche versions before 6.4.3 are affected; upgrading to 6.4.3 remediates the vulnerability.
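CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |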
GHSA
ghsa_unreviewed·2024-04-19
CVE-2024-24996 [CRITICAL] CWE-122 GHSA-hvhj-8mqf-w2rh: A Heap overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6
Ivanti
Ivanti Avalanche Heap Overflow in WLInfoRailService
vendor_ivanti·CVSS 9.8
CVE-2024-24996 [CRITICAL] Ivanti Avalanche Heap Overflow in WLInfoRailService
CVE IDs: CVE-2024-24996
Affected products: Avalanche
No detection rules found.
No public exploits indexed.
Checkpoint
22nd April – Threat Intelligence Report
blogs_checkpoint·2024-04-22
CVE-2024-24996 22nd April – Threat Intelligence Report
## 22nd April – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 22nd April, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
Bleepingcomputer
Ivanti warns of critical flaws in its Avalanche MDM solution
blogs_bleepingcomputer·2024-04-16·CVSS 9.8
[CRITICAL] Ivanti warns of critical flaws in its Avalanche MDM solution
## Ivanti warns of critical flaws in its Avalanche MDM solution
By Sergiu Gatlan
Ivanti has released security updates to fix 27 vulnerabilities in its Avalanche mobile device management (MDM) solution, two of them critical heap overflows that can be exploited for remote command execution.
Avalanche is used by enterprise admins to remotely manage, deploy software, and schedule updates across large fleets of over 100,000 mobile devices from a single central location.
As the company explained on Wednesday, the two critical security flaws (CVE-2024-24996 and CVE-2024-29204) were found in Avalanche's WLInfoRailService and WLAvalancheService components.
They are both caused by heap-based buffer overflow weaknesses, which can let unauthenticated remote attackers execute arbitrary commands on