CVE-2024-37399
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-37399 is a newly disclosed vulnerability that affects Ivanti Avalanche version 6.3.1. This issue involves a NULL pointer dereference in the WLAvalancheService component, which can be exploited by an unauthenticated attacker to cause a Denial of Service (DoS) condition. By manipulating specific input, an attacker can trigger the NULL pointer dereference, resulting in the service crashing and becoming unavailable to legitimate users. This vulnerability poses a significant risk to organizations using Ivanti Avalanche, as it can be easily exploited without the need for any authentication, potentially leading to extended downtime and productivity losses.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Ivanti Avalanche
Affected Vendors
- Ivanti Software Inc.