PT-2022-23727 · Ivanti · Ivanti Avalanche

Chudypb +1 · Published 2022-05-26 · Updated 2023-04-28 · CVE-2022-36983

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche version 6.3.3.101

Description: This issue allows remote attackers to bypass authentication on affected installations. The specific flaw exists within the SetSettings class, resulting from the lack of authentication prior to allowing access to functionality. An attacker can leverage this to bypass authentication on the system.

Recommendations: For Ivanti Avalanche version 6.3.3.101, consider disabling the SetSettings class until a patch is available to prevent exploitation. Restrict access to the affected functionality to minimize the risk of authentication bypass.

Fix

Weakness Enumeration

Missing Authentication

Related Identifiers

CVE-2022-36983
ZDI-22-788

Affected Products

Ivanti Avalanche