PT-2022-10018 · Ivanti · Ivanti Avalanche

Ahmed Y. Elmogy · Published 2022-04-06 · Updated 2022-04-13 · CVE-2021-30497

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Ivanti Avalanche (Premise) version 6.3.2

Description

The issue allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. This is due to the imageFilePath parameter not being verified to be within the scope of the image folder when processed by the "/AvalancheWeb/image" endpoint. An attacker can obtain sensitive information by exploiting this, for example, by accessing the "C:/Windows/system32/config/system.sav" file.

Recommendations

For Ivanti Avalanche (Premise) version 6.3.2, as a temporary workaround, consider restricting access to the "/AvalancheWeb/image" endpoint to minimize the risk of exploitation. Additionally, avoid using the imageFilePath parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
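
An added illustration, not Ivanti's code and not part of the original advisory: the containment check the description says is missing, written in Python with `ntpath` so Windows path rules apply on any host. `IMAGE_ROOT` and the function names are assumptions, and the check also covers relative `..` escapes, which goes beyond the absolute-path case described above.

```python
import ntpath  # Windows path semantics, usable on any OS

# Hypothetical image folder; the advisory does not name the real one.
IMAGE_ROOT = r"C:\AvalancheImages"


def naive_resolve(image_file_path: str) -> str:
    """Unchecked join: an absolute input silently replaces IMAGE_ROOT."""
    return ntpath.normpath(ntpath.join(IMAGE_ROOT, image_file_path))


def is_within_root(candidate: str, root: str = IMAGE_ROOT) -> bool:
    """True only if candidate is root itself or lies below it."""
    root_n = ntpath.normcase(ntpath.normpath(root))
    cand_n = ntpath.normcase(ntpath.normpath(candidate))
    try:
        # commonpath compares whole components, so a sibling such as
        # C:\AvalancheImagesOld does not pass as a string prefix would.
        return ntpath.commonpath([root_n, cand_n]) == root_n
    except ValueError:  # different drives, or absolute mixed with relative
        return False


def safe_resolve(image_file_path: str) -> str:
    """Return the path to serve, or raise ValueError if it leaves IMAGE_ROOT."""
    if "\x00" in image_file_path:
        raise ValueError("NUL byte in path")
    drive, tail = ntpath.splitdrive(image_file_path)
    if drive or tail.startswith(("/", "\\")):
        raise ValueError("absolute, drive-relative or UNC path rejected")
    # Lexical check only: a real service should also canonicalise on the
    # filesystem so symlinks and junctions cannot point outside the root.
    resolved = ntpath.normpath(ntpath.join(IMAGE_ROOT, image_file_path))
    if not is_within_root(resolved):
        raise ValueError("path escapes the image folder")
    return resolved
```
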

Exploit

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2021-30497

Affected Products

Ivanti Avalanche