CVE-2024-50320
published 2024-11-12

CVE-2024-50320: An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.

Priority: P3 | 53 | high | 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 31.24% (98.0th percentile)

Affected

1 range

Vendor | Product   | Version range | Fixed in
ivanti | avalanche | < 6.4.6       | 6.4.6

Detection & IOCs (extracted from sources)

  • Ivanti Avalanche versions before 6.4.6 are vulnerable to an infinite loop triggered by a remote unauthenticated attacker, resulting in denial of service. Monitor for unexpected process hangs or unresponsiveness in Avalanche services from unauthenticated network sources.
  • No patch-specific configuration details are provided in the available sources. Upgrade Ivanti Avalanche to version 6.4.6 or later to remediate CVE-2024-50320.