fkie_cve-2024-38652
Vulnerability from fkie_nvd
Published
2024-08-14 03:15
Modified
2024-08-15 17:32
Severity ?
Summary
Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ivanti | avalanche | 6.3.1 | |
| ivanti | avalanche | 6.3.1.1507 | |
| ivanti | avalanche | 6.3.2 | |
| ivanti | avalanche | 6.3.2 | |
| ivanti | avalanche | 6.3.2 | |
| ivanti | avalanche | 6.3.2.3490 | |
| ivanti | avalanche | 6.3.2.3490 | |
| ivanti | avalanche | 6.3.3 | |
| ivanti | avalanche | 6.3.3 | |
| ivanti | avalanche | 6.3.3.101 | |
| ivanti | avalanche | 6.3.3.101 | |
| ivanti | avalanche | 6.3.4 | |
| ivanti | avalanche | 6.3.4 | |
| ivanti | avalanche | 6.3.4.153 | |
| ivanti | avalanche | 6.4.0 | |
| ivanti | avalanche | 6.4.1 | |
| ivanti | avalanche | 6.4.1 | |
| ivanti | avalanche | 6.4.1.207 | |
| ivanti | avalanche | 6.4.1.236 | |
| ivanti | avalanche | 6.4.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.1:*:*:*:premise:*:*:*",
"matchCriteriaId": "6060540C-A977-4E2A-8E1B-41CC3C3E92ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.1.1507:*:*:*:premise:*:*:*",
"matchCriteriaId": "771C1447-6F5E-45DE-BDE6-8FFBB4708D67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "778D9C09-12BB-47FC-B74B-DC114AE3A540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:*:windows:*:*",
"matchCriteriaId": "617DA85C-5FCE-4650-99AA-A1052E690B2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:premise:*:*:*",
"matchCriteriaId": "44ABD265-3F8F-415A-96B3-16975661CDEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.2.3490:*:*:*:*:*:*:*",
"matchCriteriaId": "CF93250C-0754-4B87-9BBE-DDF255EEB157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.2.3490:*:*:*:premise:*:*:*",
"matchCriteriaId": "521CD0B6-8348-41D6-8AD8-79F884F4F10F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3162335B-9FA4-4AC3-85F0-BD34F859EDFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.3:*:*:*:premise:*:*:*",
"matchCriteriaId": "03E7F6CA-8A72-4A3E-A281-2A7653162FB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.3.101:*:*:*:*:*:*:*",
"matchCriteriaId": "E2AB421E-C976-4CFF-93F9-40354CB579C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.3.101:*:*:*:premise:*:*:*",
"matchCriteriaId": "4C581973-06B3-4E16-B37C-41FE7B4388CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FE9E1AF8-A8ED-4E49-B25F-E27AD4B61E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.4:*:*:*:premise:*:*:*",
"matchCriteriaId": "3CC6AA75-22CD-4588-A1F9-574D7E7698CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.4.153:*:*:*:premise:*:*:*",
"matchCriteriaId": "F5A7D50A-DD35-40B6-B4AD-8703DB016E90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1196CC8F-4D46-4258-9997-1C7E9954A8D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF9D82B4-4AF6-4E14-AACE-56982D4F8969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.1:*:*:*:premise:*:*:*",
"matchCriteriaId": "5FA149E2-AF10-4D3A-9F6C-8AF74110DEF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.1.207:*:*:*:premise:*:*:*",
"matchCriteriaId": "CC521F86-4E3F-4217-836D-235B1D9E8876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.1.236:*:*:*:premise:*:*:*",
"matchCriteriaId": "45AA1E4F-2B38-42A3-A99C-F7ED17067E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.2:*:*:*:premise:*:*:*",
"matchCriteriaId": "78794BF3-682E-4256-92DA-D669BF78A297",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion."
},
{
"lang": "es",
"value": "El path traversal en el componente de gesti\u00f3n de aspectos de Ivanti Avalanche 6.3.1 permite a un atacante remoto no autenticado lograr una denegaci\u00f3n de servicio mediante la eliminaci\u00f3n arbitraria de archivos."
}
],
"id": "CVE-2024-38652",
"lastModified": "2024-08-15T17:32:39.067",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "support@hackerone.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-14T03:15:05.020",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-4-CVE-2024-38652-CVE-2024-38653-CVE-2024-36136-CVE-2024-37399-CVE-2024-37373"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…