Lucene search

K
zdiRgodZDI-23-1802
HistoryDec 19, 2023 - 12:00 a.m.

Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability

2023-12-1900:00:00
rgod
www.zerodayinitiative.com
9
ivanti avalanche
printer service
authentication
vulnerability
local privilege escalation
apache derby

AI Score

7.7

Confidence

High

EPSS

0.004

Percentile

72.4%

This vulnerability allows local attackers to escalate privileges on affected installations of Ivanti Avalanche. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of Apache Derby, used by the Printer Device Service. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.

AI Score

7.7

Confidence

High

EPSS

0.004

Percentile

72.4%