CVE-2024-23532

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

A

n out-of-bounds Read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. In certain conditions this could also lead to remote code execution.

References

Link	Resource
https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed?language=en_US	Vendor Advisory
https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed?language=en_US	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ivanti:avalanche:*:*:*:*:*:*:*:*

History

06 May 2025, 19:24

Type	Values Removed	Values Added
First Time		Ivanti Ivanti avalanche
References	~~() https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed?language=en_US -~~	() https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed?language=en_US - Vendor Advisory
CPE		cpe:2.3:a:ivanti:avalanche::::::::

21 Nov 2024, 08:57

Type	Values Removed	Values Added
References	~~() https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed?language=en_US -~~	() https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed?language=en_US -

03 Jul 2024, 01:47

Type	Values Removed	Values Added
CWE		CWE-125

Information

Published : 2024-04-19 02:15

Updated : 2025-05-06 19:24

NVD link : CVE-2024-23532

Mitre link : CVE-2024-23532

CVE.ORG link : CVE-2024-23532

JSON object : View

Products Affected

avalanche

CWE

CWE-125

Out-of-bounds Read

{"id": "CVE-2024-23532", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}], "cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2024-04-19T02:15:07.823", "references": [{"url": "https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed?language=en_US", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed?language=en_US", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds Read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. In certain conditions this could also lead to remote code execution. "}, {"lang": "es", "value": "Una vulnerabilidad de lectura fuera de los l\u00edmites en el componente WLAvalancheService de Ivanti Avalanche anterior a 6.4.3 permite a un atacante remoto autenticado realizar ataques de denegaci\u00f3n de servicio. En determinadas condiciones, esto tambi\u00e9n podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo."}], "lastModified": "2025-05-06T19:24:37.730", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ivanti:avalanche:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA272C74-8C77-482D-A85E-EBC9436C1697", "versionEndExcluding": "6.4.3.528"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}