PT-2021-5375 · Ivanti · Ivanti Avalanche

Published

2021-09-22

Updated

2021-12-08

CVE-2021-42130

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Ivanti Avalanche versions prior to 6.3.3

Description A deserialization of untrusted data issue exists, allowing an attacker with access to the Inforail Service to perform arbitrary code execution by sending specially crafted data. This can be exploited remotely.

Recommendations For versions prior to 6.3.3, update to version 6.3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Inforail Service to minimize the risk of exploitation.

Fix

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

BDU:2021-06210

CVE-2021-42130

ZDI-21-1326

Affected Products

Ivanti Avalanche

PT-2021-5375 · Ivanti · Ivanti Avalanche

CVE-2021-42130

Weakness Enumeration

Related Identifiers

Affected Products

References · 11