CVE-2022-44574

HIGH

Ivanti Avalanche < 6.4.0 - Unauthenticated Property Modification via Specific Port

Title source: llm
STIX 2.1

Description

An improper authentication vulnerability exists in Avalanche version 6.3.x and below allows unauthenticated attacker to modify properties on specific port.

Scores

CVSS v3 7.5
EPSS 0.6482
EPSS Percentile 99.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-287
Status published
Products (1)
ivanti/avalanche < 6.4.0
Published Mar 10, 2023
Tracked Since Feb 18, 2026