CVE-2024-29848

CVE Database · CVE-2024-29848

CVE-2024-29848

· HIGHAnalyzed

CVSS v3.1

7.2

EPSS

64.42%

Published

May 31, 2024

Modified

May 6, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-434

Affected Products (1)

ivanti · avalanche (up to 6.4.3.602)vulnerable

References (4)

https://forums.ivanti.com/s/article/Security-Advisory-May-2024

Vendor Advisory

https://forums.ivanti.com/s/article/Avalanche-6-4-3-602-additional-security-hardening-and-CVE-fixed?language=en_US

Vendor Advisory

https://forums.ivanti.com/s/article/Security-Advisory-May-2024

Vendor Advisory

https://forums.ivanti.com/s/article/Avalanche-6-4-3-602-additional-security-hardening-and-CVE-fixed?language=en_US

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs