https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed?language=en_US

Exploit
CVE-2024-24998

Path Traversal: 'dir\..\..\filename' (CWE-31)

Published: Apr 19, 2024 / Updated: 7mo ago

No CVSS yet / EPSS 0.07%

Summary

This vulnerability affects Ivanti Avalanche installations and allows remote attackers to execute arbitrary code. The specific flaw exists within the WLAvalancheService, which listens on TCP port 1777 by default. The issue stems from the lack of proper validation of a user-supplied path prior to using it in file operations. Authentication is required to exploit this vulnerability.

Impact

An attacker can leverage this vulnerability to execute code in the context of SYSTEM, which implies full control over the affected system. This could lead to severe consequences such as data theft, system manipulation, or using the compromised system as a pivot point for further attacks within the network. The CVSS v3 base score of 8.8 (High) indicates a significant threat, with high impact on confidentiality, integrity, and availability.

Exploitation

One proof-of-concept exploit is available on zerodayinitiative.com. There is no evidence of exploitation at the moment.

Patch

Ivanti has issued an update to correct this vulnerability. The patch is available in Avalanche version 6.4.3, which includes security hardening measures and addresses this specific CVE.

Mitigation

1. Prioritize the application of the patch provided by Ivanti, upgrading to Avalanche version 6.4.3 or later.
2. If immediate patching is not possible, consider restricting access to TCP port 1777 where the vulnerable WLAvalancheService listens.
3. Implement strong authentication mechanisms and regularly audit user accounts with access to the Avalanche system.
4. Monitor for any suspicious activities or unauthorized access attempts, particularly those targeting the WLAvalancheService.
5. Apply the principle of least privilege to limit the potential impact if the vulnerability is exploited.

Timeline

Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (379671)

Apr 17, 2024 at 7:53 AM
First Article

Feedly found the first article mentioning CVE-2024-24998. See article

Apr 17, 2024 at 12:10 PM / SOCRadar® Cyber Intelligence Inc.
CVE Assignment

NVD published the first details for CVE-2024-24998

Apr 19, 2024 at 2:15 AM
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Apr 19, 2024 at 2:25 AM
EPSS

EPSS Score was set to: 0.04% (Percentile: 8.3%)

Apr 19, 2024 at 10:02 AM
EPSS

EPSS Score was set to: 0.07% (Percentile: 28%)

May 6, 2024 at 9:46 PM
CVSS

A CVSS base score of 8.8 has been assigned.

Jul 1, 2024 at 10:47 PM / zdi-advisories

Affected Systems

Ivanti/avalanche

Exploits

https://www.zerodayinitiative.com/advisories/ZDI-24-388/

Vendor Advisory

ZDI-24-388: Ivanti Avalanche WLAvalancheService Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Ivanti has issued an update to correct this vulnerability.

News

Latest vulnerabilities [Monday, April 22, 2024 + weekend]
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete arbitrary files, thereby leading to Denial-of-Service. An Unrestricted File-upload vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
Flash Notice: Ivanti Patches Two Dozen Vulnerabilities
The published vulnerabilities range from medium to critical severity, with risks including information disclosure, command execution, and Denial-of-Service (DoS) attacks. Our Attack Surface Management services include:
NA - CVE-2024-24998 - A Path Traversal vulnerability in web component...
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVE-2024-24998
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. CVE-2024-24998 originally published on CyberSecurityBoard

CVSS V3.1

Unknown
