CVE-2024-47009

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

Published: Oct 8, 2024 / Updated: 42d ago

CVSS 9.8 / EPSS 0.04% / Critical

Summary

A Path Traversal vulnerability in Ivanti Avalanche versions prior to 6.4.5 allows a remote unauthenticated attacker to bypass authentication. This vulnerability is associated with CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and CWE-288 (Authentication Bypass Using an Alternate Path or Channel).

Impact

The impact of this vulnerability is significant. An unauthenticated attacker can exploit this flaw remotely over the network, potentially gaining unauthorized access to the system. The CVSS v3.1 base score is 7.3, indicating a high severity. The attack vector is network-based, requires low attack complexity, and needs no user interaction. While the confidentiality, integrity, and availability impacts are all rated as low, the ability to bypass authentication could lead to further exploitation and compromise of the affected system.

Exploitation

There is no evidence that a public proof-of-concept exists, and no evidence of exploitation at the moment.

Patch

A patch is available. The vulnerability has been addressed in Ivanti Avalanche version 6.4.5 and later. Organizations using affected versions of Ivanti Avalanche should prioritize updating to version 6.4.5 or newer to mitigate this vulnerability.

Mitigation

1. Update Ivanti Avalanche to version 6.4.5 or later as soon as possible.
2. If immediate patching is not feasible, consider implementing network segmentation to limit access to the affected Ivanti Avalanche instances.
3. Monitor for any suspicious activities or unauthorized access attempts, particularly those that might indicate path traversal or authentication bypass attempts.
4. Implement strong access controls and authentication mechanisms for all network-accessible services.
5. Regularly audit and review system logs for any signs of exploitation attempts.
6. Consider using a Web Application Firewall (WAF) to help detect and block path traversal attempts if patching is delayed.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment
NVD published the first details for CVE-2024-47009.
Oct 8, 2024 at 5:15 PM

CVSS
A CVSS base score of 7.3 has been assigned.
Oct 8, 2024 at 5:21 PM / nvd

First Article
Feedly found the first article mentioning CVE-2024-47009.
Oct 8, 2024 at 5:21 PM / National Vulnerability Database

CVSS Estimate
Feedly estimated the CVSS score as HIGH.
Oct 8, 2024 at 5:21 PM

EPSS
EPSS Score was set to: 0.04% (Percentile: 11.2%)
Oct 9, 2024 at 10:29 AM

CVSS
A CVSS base score of 9.8 has been assigned.
Oct 16, 2024 at 1:30 PM / nvd

Detection in Vulnerability Scanners
Detection for the vulnerability has been added to Nessus (209148).
Oct 16, 2024 at 9:15 PM

Detection in Vulnerability Scanners
Detection for the vulnerability has been added to Qualys (152325).
Oct 21, 2024 at 7:53 AM

Affected Systems

Ivanti/avalanche

Patches

forums.ivanti.com

Links to MITRE ATT&CK

T1083: File and Directory Discovery

Attack Patterns

CAPEC-126: Path Traversal

News

Web Application Detections Published in October 2024
In October, Qualys released QIDs targeting vulnerabilities in several widely used software products, including WordPress, Zohocorp ManageEngine Endpoint, Lobe Chat, Ivanti Virtual Traffic Manager (vTM), Traefik, Nginx Proxy Manager, Harbor, Haproxy, SolarWinds Access Rights Manager (ARM), Cacti, Ivanti Endpoint Manager Mobile (EPMM), JetBrains TeamCity, Palo Alto Networks Expedition, Progress Telerik Report Server, Zimbra, Oracle WebLogic Server, Apache Solr, FlatPress CMS, pgAdmin, Grafana, pfSense, SolarWinds Web Help Desk, Ivanti Avalanche, ReCrystallize Server, Joomla!, and PHP. The QIDs released to detect the vulnerabilities in the frameworks above are listed below. Details about the following QIDs can be found in our knowledge base. Please review reports of the scanned applications for these detections and, if any are identified, follow the steps provided in the knowledge base to ensure applications are protected against the reported vulnerabilities.

QID | Title
152202 | Zohocorp ManageEngine Endpoint Central Incorrect Authorization Vulnerability (CVE-2024-38868)
152206 | WordPress Delicious Recipe Plugin: Arbitrary File Movement and Reading Vulnerability (CVE-2024-7626)
152207 | WordPress Simple Spoiler Plugin: Arbitrary Shortcode Execution Vulnerability (CVE-2024-8479)
152209 | WordPress PropertyHive Plugin: Cross-Site Request Forgery Vulnerability (CVE-2024-8490)
152210 | WordPress Share This Image Plugin: Open Redirect Vulnerability (CVE-2024-8761)
152215 | WordPress infolinks Ad Wrap Plugin: Cross-Site Request Forgery Vulnerability (CVE-2024-8044)
152216 | WordPress Bit File Manager Plugin:

Vulnerability Summary for the Week of October 7, 2024
High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info
adobe — animate | Animate versions 23.0.7, 24.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-47410 psirt@adobe.com |
adobe — animate | Animate versions 23.0.7, 24.0.4 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-47411 psirt@adobe.com |
adobe — animate | Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-47412 psirt@adobe.com |
adobe — animate | Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-47413 psirt@adobe.com |
adobe — animate | Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Ivanti Avalanche < 6.4.5 Multiple Vulnerabilities
Nessus Plugin ID 209148 with Critical Severity

Synopsis: An enterprise mobility management application is affected by multiple vulnerabilities.

Description: The version of Ivanti Avalanche running on the remote host is prior to 6.4.5. It is, therefore, affected by multiple vulnerabilities:
- A NULL pointer dereference in WLAvalancheService allows a remote unauthenticated attacker to crash the service. (CVE-2024-47007)
- Server-side request forgery allows a remote unauthenticated attacker to leak sensitive information. (CVE-2024-47008)
- Path Traversal allows a remote unauthenticated attacker to bypass authentication. (CVE-2024-47009, CVE-2024-47010)
- Path Traversal allows a remote unauthenticated attacker to leak sensitive information. (CVE-2024-47011)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution: Upgrade to v6.4.5 or later.

Read more at https://www.tenable.com/plugins/nessus/209148

Multiple vulnerabilities in Ivanti Avalanche
Successful exploitation of this vulnerability may allow a remote attacker to gain access to sensitive data located in the local network, or to send malicious requests to other servers from the vulnerable system. A remote attacker can send a specially crafted HTTP request and trick the application into initiating requests to arbitrary systems.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
