Shodan
Vulnerabilities
Vulnerable Software
Ivanti:  >> Avalanche  >> 6.1.106.496  Security Vulnerabilities
CVE-2022-43555
Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability
CVSS Score
7.8
EPSS Score
0.001
Published
2023-11-03
CVE-2023-32560
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1.
CVSS Score
8.8
EPSS Score
0.919
Published
2023-08-10
CVE-2023-32561
A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-08-10
CVE-2023-32562
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Fixed in version 6.4.1.
CVSS Score
6.8
EPSS Score
0.273
Published
2023-08-10
CVE-2023-32563
An unauthenticated attacker could achieve the code execution through a RemoteControl server.
CVSS Score
8.8
EPSS Score
0.925
Published
2023-08-10
CVE-2023-32564
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution.
CVSS Score
6.8
EPSS Score
0.273
Published
2023-08-10
CVE-2023-32565
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.
CVSS Score
6.3
EPSS Score
0.004
Published
2023-08-10
CVE-2023-32566
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.
CVSS Score
6.3
EPSS Score
0.004
Published
2023-08-10
CVE-2023-32567
Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.236
CVSS Score
6.5
EPSS Score
0.004
Published
2023-08-10
CVE-2023-28125
An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below that could allow an attacker to gain access to the server by registering to receive messages from the server and perform an authentication bypass.
CVSS Score
5.9
EPSS Score
0.002
Published
2023-05-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved