Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-23532

An out-of-bounds Read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. In certain conditions this could also lead to remote code execution.

Published

2024-04-19T02:15:07.823

Last Modified

2025-05-06T19:24:37.730

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-125

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ivanti	avalanche	< 6.4.3.528	Yes

References

https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed?language=en_US Vendor Advisory ([email protected])
https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed?language=en_US Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)