CVE-2024-38652

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Aug 14, 2024
Updated: Aug 15, 2024
CWE ID 22

Summary

CVE-2024-38652 is a newly disclosed vulnerability affecting Ivanti Avalanche version 6.3.1. This issue involves a path traversal flaw in the skin management component, enabling an unauthenticated attacker to execute arbitrary file deletions, resulting in a denial of service (DoS) condition. This vulnerability could potentially disrupt the targeted system's functionality and adversely impact its availability. Organizations using Ivanti Avalanche 6.3.1 are encouraged to apply the necessary patches as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Ivanti Avalanche

Affected Vendors

  • Ivanti Software Inc.