CVE-2024-23532

HIGH

Ivanti Avalanche < 6.4.3.528 - Out-of-Bounds Read

Title source: rule

Description

An out-of-bounds Read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. In certain conditions this could also lead to remote code execution.

References (1)

Core 1

Core References

Vendor Advisory

https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed?language=en_US

Scores

CVSS v3 7.5

EPSS 0.2081

EPSS Percentile 95.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-125

Status published

Products (1)

ivanti/avalanche < 6.4.3.528

Published Apr 19, 2024

Tracked Since Feb 18, 2026