CVE-2024-38652
CVSS 3.1 Score 9.1 of 10 (high)
Details
Published Aug 14, 2024
Updated: Aug 15, 2024
CWE ID 22
Summary
CVE-2024-38652 is a newly disclosed vulnerability affecting Ivanti Avalanche version 6.3.1. This issue involves a path traversal flaw in the skin management component, enabling an unauthenticated attacker to execute arbitrary file deletions, resulting in a denial of service (DoS) condition. This vulnerability could potentially disrupt the targeted system's functionality and adversely impact its availability. Organizations using Ivanti Avalanche 6.3.1 are encouraged to apply the necessary patches as soon as possible to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Ivanti Avalanche
Affected Vendors
- Ivanti Software Inc.