Lucene search

HackeroneCVE-2024-37373

HistoryAug 14, 2024 - 3:15 a.m.

CVE-2024-37373

2024-08-1403:15:04

CWE-20

hackerone

web.nvd.nist.gov

input validation

central filestore

ivanti avalanche 6.3.1

remote code execution

admin rights

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

18.6%

JSON

Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE.

Affected configurations

Nvd

Vulners

Vulnrichment

Node

ivantiavalancheMatch6.3.1premise

ivantiavalancheMatch6.3.1.1507premise

ivantiavalancheMatch6.3.2

ivantiavalancheMatch6.3.2windows

ivantiavalancheMatch6.3.2premise

ivantiavalancheMatch6.3.2.3490

ivantiavalancheMatch6.3.2.3490premise

ivantiavalancheMatch6.3.3

ivantiavalancheMatch6.3.3premise

ivantiavalancheMatch6.3.3.101

ivantiavalancheMatch6.3.3.101premise

ivantiavalancheMatch6.3.4

ivantiavalancheMatch6.3.4premise

ivantiavalancheMatch6.3.4.153premise

ivantiavalancheMatch6.4.0

ivantiavalancheMatch6.4.1

ivantiavalancheMatch6.4.1premise

ivantiavalancheMatch6.4.1.207premise

ivantiavalancheMatch6.4.1.236premise

ivantiavalancheMatch6.4.2premise

VendorProductVersionCPE
ivantiavalanche6.3.1cpe:2.3:a:ivanti:avalanche:6.3.1:*:*:*:premise:*:*:*
ivantiavalanche6.3.1.1507cpe:2.3:a:ivanti:avalanche:6.3.1.1507:*:*:*:premise:*:*:*
ivantiavalanche6.3.2cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:*:*:*:*
ivantiavalanche6.3.2cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:*:windows:*:*
ivantiavalanche6.3.2cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:premise:*:*:*
ivantiavalanche6.3.2.3490cpe:2.3:a:ivanti:avalanche:6.3.2.3490:*:*:*:*:*:*:*
ivantiavalanche6.3.2.3490cpe:2.3:a:ivanti:avalanche:6.3.2.3490:*:*:*:premise:*:*:*
ivantiavalanche6.3.3cpe:2.3:a:ivanti:avalanche:6.3.3:*:*:*:*:*:*:*
ivantiavalanche6.3.3cpe:2.3:a:ivanti:avalanche:6.3.3:*:*:*:premise:*:*:*
ivantiavalanche6.3.3.101cpe:2.3:a:ivanti:avalanche:6.3.3.101:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ivanti	avalanche	6.3.1	cpe:2.3:a:ivanti:avalanche:6.3.1::::premise:::
ivanti	avalanche	6.3.1.1507	cpe:2.3:a:ivanti:avalanche:6.3.1.1507::::premise:::
ivanti	avalanche	6.3.2	cpe:2.3:a:ivanti:avalanche:6.3.2:::::::*
ivanti	avalanche	6.3.2	cpe:2.3:a:ivanti:avalanche:6.3.2:::::windows::
ivanti	avalanche	6.3.2	cpe:2.3:a:ivanti:avalanche:6.3.2::::premise:::
ivanti	avalanche	6.3.2.3490	cpe:2.3:a:ivanti:avalanche:6.3.2.3490:::::::*
ivanti	avalanche	6.3.2.3490	cpe:2.3:a:ivanti:avalanche:6.3.2.3490::::premise:::
ivanti	avalanche	6.3.3	cpe:2.3:a:ivanti:avalanche:6.3.3:::::::*
ivanti	avalanche	6.3.3	cpe:2.3:a:ivanti:avalanche:6.3.3::::premise:::
ivanti	avalanche	6.3.3.101	cpe:2.3:a:ivanti:avalanche:6.3.3.101:::::::*

Rows per page:

1-10 of 201

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "vendor": "Ivanti",
    "product": "Avalanche",
    "versions": [
      {
        "version": "6.4.4",
        "status": "affected",
        "lessThan": "6.4.4",
        "versionType": "custom"
      }
    ]
  }
]

References

forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-4-CVE-2024-38652-CVE-2024-38653-CVE-2024-36136-CVE-2024-37399-CVE-2024-37373

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

18.6%

JSON

Related for CVE-2024-37373