PT-2024-4020 · Ivanti · Ivanti Avalanche

Published: 2024-04-24 · Updated: 2025-05-06 · CVE-2024-29848

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche versions prior to 6.4.x
Description: The issue is an unrestricted file upload vulnerability in the web component of Ivanti Avalanche. An authenticated, privileged user can exploit it to execute arbitrary commands as SYSTEM; a remote attacker with such access can achieve arbitrary code execution by uploading a specially crafted file.
Recommendations: For versions prior to 6.4.x, update to version 6.4.x or later to resolve the issue. As a temporary workaround, restrict file uploads to only necessary and validated files, and restrict access to the FileStoreConfig component to minimize the risk of exploitation. Avoid using the FileStoreConfig component until the issue is resolved.

Fix

Weakness Enumeration

Unrestricted File Upload

Related Identifiers

BDU:2024-04453
CVE-2024-29848
ZDI-24-504

Affected Products

Ivanti Avalanche