PT-2024-28102 · Ivanti · Ivanti Avalanche

Published

2024-08-13

Updated

2024-08-15

CVE-2024-38652

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ivanti Avalanche version 6.3.1

Description The issue allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion due to path traversal in the skin management component.

Recommendations For Ivanti Avalanche version 6.3.1, consider restricting access to the skin management component to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

XXE

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22CWE-611CWE-476

Related Identifiers

BDU:2024-10277

BDU:2024-10283

CVE-2024-38652

ZDI-24-1149

Affected Products

Ivanti Avalanche

PT-2024-28102 · Ivanti · Ivanti Avalanche

CVE-2024-38652

Weakness Enumeration

Related Identifiers

Affected Products

References · 25