CVE-2024-27978
published 2024-04-19CVE-2024-27978: A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform…
PriorityP434medium6.5CVSS 3.1
AVNACLPRLUINSUCNINAH
EPSS
1.73%
74.7th percentile
A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | avalanche | < 6.4.3.528 | 6.4.3.528 |
| ivanti | avalanche | >= 6.4.3 < 6.4.3 | 6.4.3 |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ivanti
Ivanti Security Advisory: CVE-2024-27978
vendor_ivanti·2024-04-19·CVSS 6.5
CVE-2024-27978 [MEDIUM] CWE-476 Ivanti Security Advisory: CVE-2024-27978
Ivanti Security Advisory: CVE-2024-27978
A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks.
CVE IDs: CVE-2024-27978
CVSS Base Score: 6.5
Severity: MEDIUM
CWEs: CWE-476
GHSA
GHSA-g23v-56px-8cqm: A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6
ghsa_unreviewed·2024-04-19
CVE-2024-27978 [MEDIUM] CWE-476 GHSA-g23v-56px-8cqm: A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6
A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-04-19
Published