CVE-2023-46225

2023-12-1916:15:10

CWE-787

[email protected]

web.nvd.nist.gov

cve-2023-46225

nvd

mobile device server

dos

code execution

memory corruption

data packets

security vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.9%

JSON

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

Affected configurations

NVD

Node

ivantiavalancheRange<6.4.2premise

AND

microsoftwindowsMatch-

CPENameOperatorVersion
ivanti:avalancheivanti avalanchelt6.4.2

CPE	Name	Operator	Version
ivanti:avalanche	ivanti avalanche	lt	6.4.2

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "vendor": "Ivanti",
    "product": "Avalanche",
    "versions": [
      {
        "version": "6.4.1",
        "status": "affected",
        "lessThanOrEqual": "6.4.1",
        "versionType": "semver"
      }
    ]
  }
]