CVE-2024-23532

HIGH

Ivanti Avalanche < 6.4.3 - Authenticated Out-of-bounds Read in WLAvalancheService

Title source: llm

Description

An out-of-bounds Read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. In certain conditions this could also lead to remote code execution.

References (1)

Core 1

Core References

Vendor Advisory

https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed?language=en_US

Scores

CVSS v3 7.5

EPSS 0.0179

EPSS Percentile 75.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-125

Status published

Products (1)

ivanti/avalanche < 6.4.3.528

Published Apr 19, 2024

Tracked Since Feb 18, 2026