https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed?language=en_US
Path Traversal: 'dir\..\..\filename' (CWE-31)
This vulnerability affects Ivanti Avalanche installations and allows remote attackers to execute arbitrary code. The specific flaw exists within the WLAvalancheService, which listens on TCP port 1777 by default. The issue stems from the lack of proper validation of a user-supplied path prior to using it in file operations. Authentication is required to exploit this vulnerability.
An attacker can leverage this vulnerability to execute code in the context of SYSTEM, which implies full control over the affected system. This could lead to severe consequences such as data theft, system manipulation, or using the compromised system as a pivot point for further attacks within the network. The CVSS v3 base score of 8.8 (High) indicates a significant threat, with high impact on confidentiality, integrity, and availability.
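The weakness class named above (CWE-31, a `dir\..\..\filename` path), as an added example that is not Ivanti's code and is not taken from the advisory: a check that only looks at the start of the path accepts it, while canonicalizing against a base directory and testing containment rejects it. The base directory, function names and sample paths are constructed for illustration.

```python
import ntpath  # Windows path rules, importable on any OS

BASE_DIR = r"C:\AppData\uploads"  # constructed base directory (assumption)


def naive_is_safe(user_path: str) -> bool:
    """Weak check: rejects only paths that begin with a dot-dot segment."""
    return not user_path.startswith(("..\\", "../"))


def resolve_under_base(user_path: str, base_dir: str = BASE_DIR) -> str:
    """Canonicalize user_path under base_dir; raise ValueError if it escapes."""
    if "\x00" in user_path:
        raise ValueError("NUL byte in path")
    drive, _ = ntpath.splitdrive(user_path)
    if drive or ntpath.isabs(user_path):
        raise ValueError("absolute, drive-qualified or UNC path")
    base = ntpath.normcase(ntpath.normpath(base_dir))
    # normpath treats '/' and '\' alike and collapses every '..' segment,
    # so 'dir\..\..\filename' becomes a path one level above base.
    candidate = ntpath.normcase(ntpath.normpath(ntpath.join(base, user_path)))
    try:
        # Component-wise comparison: 'uploads_old' does not match 'uploads'.
        inside = ntpath.commonpath([base, candidate]) == base
    except ValueError:  # different drives
        inside = False
    if not inside:
        raise ValueError("path escapes base directory")
    return candidate


def is_contained(user_path: str) -> bool:
    try:
        resolve_under_base(user_path)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs.
    for p in (r"reports\..\log.txt", r"dir\..\..\filename",
              "dir/../../filename", r"..\uploads_old\x", r"D:\x"):
        print(f"{p!r:24} naive={naive_is_safe(p)} contained={is_contained(p)}")
```

The containment test is lexical only; where the base directory can contain junctions or symbolic links, resolve the real path before comparing.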
One proof-of-concept exploit is available on zerodayinitiative.com. There is no evidence of exploitation at the moment.
Ivanti has issued an update to correct this vulnerability. The patch is available in Avalanche version 6.4.3, which includes security hardening measures and addresses this specific CVE.
1. Prioritize the application of the patch provided by Ivanti, upgrading to Avalanche version 6.4.3 or later.
2. If immediate patching is not possible, consider restricting access to TCP port 1777 where the vulnerable WLAvalancheService listens.
3. Implement strong authentication mechanisms and regularly audit user accounts with access to the Avalanche system.
4. Monitor for any suspicious activities or unauthorized access attempts, particularly those targeting the WLAvalancheService.
5. Apply the principle of least privilege to limit the potential impact if the vulnerability is exploited.
Detection for the vulnerability has been added to Qualys (379671).
Feedly found the first article mentioning CVE-2024-24998.
NVD published the first details for CVE-2024-24998
Feedly estimated the CVSS score as HIGH
EPSS Score was set to: 0.04% (Percentile: 8.3%)
EPSS Score was set to: 0.07% (Percentile: 28%)
A CVSS base score of 8.8 has been assigned.