CVE-2024-23532

CVE Database · CVE-2024-23532

CVE-2024-23532

· HIGHAnalyzed

CVSS v3.1

7.5

EPSS

1.79%

Published

Apr 18, 2024

Modified

May 6, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An out-of-bounds Read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. In certain conditions this could also lead to remote code execution.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-125

Affected Products (1)

ivanti · avalanche (up to 6.4.3.528)vulnerable

References (2)

https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed?language=en_US

Vendor Advisory

https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed?language=en_US

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs