Lucene search

HackeroneCVE-2024-37399

HistoryAug 14, 2024 - 3:15 a.m.

CVE-2024-37399

2024-08-1403:15:04

CWE-476

hackerone

web.nvd.nist.gov

avalanche

null pointer

dos

ivanti

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

Low

EPSS

0.004

Percentile

73.8%

JSON

A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.

Affected configurations

Nvd

Vulners

Vulnrichment

Node

ivantiavalancheMatch6.3.1premise

ivantiavalancheMatch6.3.1.1507premise

ivantiavalancheMatch6.3.2

ivantiavalancheMatch6.3.2windows

ivantiavalancheMatch6.3.2premise

ivantiavalancheMatch6.3.2.3490

ivantiavalancheMatch6.3.2.3490premise

ivantiavalancheMatch6.3.3

ivantiavalancheMatch6.3.3premise

ivantiavalancheMatch6.3.3.101

ivantiavalancheMatch6.3.3.101premise

ivantiavalancheMatch6.3.4

ivantiavalancheMatch6.3.4premise

ivantiavalancheMatch6.3.4.153premise

ivantiavalancheMatch6.4.0

ivantiavalancheMatch6.4.1

ivantiavalancheMatch6.4.1premise

ivantiavalancheMatch6.4.1.207premise

ivantiavalancheMatch6.4.1.236premise

ivantiavalancheMatch6.4.2premise

VendorProductVersionCPE
ivantiavalanche6.3.1cpe:2.3:a:ivanti:avalanche:6.3.1:*:*:*:premise:*:*:*
ivantiavalanche6.3.1.1507cpe:2.3:a:ivanti:avalanche:6.3.1.1507:*:*:*:premise:*:*:*
ivantiavalanche6.3.2cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:*:*:*:*
ivantiavalanche6.3.2cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:*:windows:*:*
ivantiavalanche6.3.2cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:premise:*:*:*
ivantiavalanche6.3.2.3490cpe:2.3:a:ivanti:avalanche:6.3.2.3490:*:*:*:*:*:*:*
ivantiavalanche6.3.2.3490cpe:2.3:a:ivanti:avalanche:6.3.2.3490:*:*:*:premise:*:*:*
ivantiavalanche6.3.3cpe:2.3:a:ivanti:avalanche:6.3.3:*:*:*:*:*:*:*
ivantiavalanche6.3.3cpe:2.3:a:ivanti:avalanche:6.3.3:*:*:*:premise:*:*:*
ivantiavalanche6.3.3.101cpe:2.3:a:ivanti:avalanche:6.3.3.101:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ivanti	avalanche	6.3.1	cpe:2.3:a:ivanti:avalanche:6.3.1::::premise:::
ivanti	avalanche	6.3.1.1507	cpe:2.3:a:ivanti:avalanche:6.3.1.1507::::premise:::
ivanti	avalanche	6.3.2	cpe:2.3:a:ivanti:avalanche:6.3.2:::::::*
ivanti	avalanche	6.3.2	cpe:2.3:a:ivanti:avalanche:6.3.2:::::windows::
ivanti	avalanche	6.3.2	cpe:2.3:a:ivanti:avalanche:6.3.2::::premise:::
ivanti	avalanche	6.3.2.3490	cpe:2.3:a:ivanti:avalanche:6.3.2.3490:::::::*
ivanti	avalanche	6.3.2.3490	cpe:2.3:a:ivanti:avalanche:6.3.2.3490::::premise:::
ivanti	avalanche	6.3.3	cpe:2.3:a:ivanti:avalanche:6.3.3:::::::*
ivanti	avalanche	6.3.3	cpe:2.3:a:ivanti:avalanche:6.3.3::::premise:::
ivanti	avalanche	6.3.3.101	cpe:2.3:a:ivanti:avalanche:6.3.3.101:::::::*

Rows per page:

1-10 of 201

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "vendor": "Ivanti",
    "product": "Avalanche",
    "versions": [
      {
        "version": "6.4.4",
        "status": "affected",
        "lessThan": "6.4.4",
        "versionType": "custom"
      }
    ]
  }
]

References

forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-4-CVE-2024-38652-CVE-2024-38653-CVE-2024-36136-CVE-2024-37399-CVE-2024-37373

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

Low

EPSS

0.004

Percentile

73.8%

JSON

Related for CVE-2024-37399