Lucene search

HackeroneCVE-2023-46260

HistoryDec 19, 2023 - 4:15 p.m.

CVE-2023-46260

2023-12-1916:15:10

CWE-787

hackerone

web.nvd.nist.gov

cve-2023-46260

attacker

memory corruption

mobile device server

dos

code execution

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.009

Percentile

82.7%

JSON

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

Affected configurations

Nvd

Vulners

Node

ivantiavalancheRange<6.4.2premise

AND

microsoftwindowsMatch-

VendorProductVersionCPE
ivantiavalanche*cpe:2.3:a:ivanti:avalanche:*:*:*:*:premise:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ivanti	avalanche	*	cpe:2.3:a:ivanti:avalanche:::::premise:::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "vendor": "Ivanti",
    "product": "Avalanche",
    "versions": [
      {
        "version": "6.4.1",
        "status": "affected",
        "lessThanOrEqual": "6.4.1",
        "versionType": "semver"
      }
    ]
  }
]

References

download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.009

Percentile

82.7%

JSON

Related for CVE-2023-46260