PT-2024-8681 · Ivanti · Ivanti Avalanche
Published
2024-08-13
·
Updated
2025-09-29
·
CVE-2024-37399
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Ivanti Avalanche versions 6.3.1
Description
A NULL pointer dereference exists in the
WLAvalancheService component of Ivanti Avalanche. This issue allows a remote, unauthenticated attacker to cause a denial-of-service (DoS) condition by crashing the service. An off-by-one error in WLInfoRailService also allows a remote, unauthenticated attacker to crash the service, resulting in a DoS.Recommendations
Ivanti Avalanche version 6.3.1: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ivanti Avalanche