CVE-2024-23527 - Vulnerability Details - OpenCVE

An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Ivanti	Avalanche

Configuration 1 [-]

cpe:2.3:a:ivanti:avalanche:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.ivanti.com/blog/security-update-for-ivanti-avalanche

History

Tue, 06 May 2025 14:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:ivanti:avalanche::::::::
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

Mon, 24 Mar 2025 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ivanti Ivanti avalanche
Weaknesses		CWE-125
CPEs		cpe:2.3:a:ivanti:avalanche:6.3.1::::premise:::
Vendors & Products		Ivanti Ivanti avalanche
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2024-04-24T23:12:51.975Z

Updated: 2025-03-24T19:55:29.993Z

Reserved: 2024-01-18T01:04:07.196Z

Link: CVE-2024-23527

Vulnrichment

Updated: 2024-08-01T23:06:25.305Z

NVD

Status : Analyzed

Published: 2024-04-25T06:15:54.657

Modified: 2025-05-06T13:35:39.873

Link: CVE-2024-23527

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23527", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2024-01-18T01:04:07.196Z", "datePublished": "2024-04-24T23:12:51.975Z", "dateUpdated": "2025-03-24T19:55:29.993Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. "}], "affected": [{"defaultStatus": "unaffected", "vendor": "Ivanti", "product": "Avalanche", "versions": [{"version": "6.4.3", "status": "affected", "lessThan": "6.4.3", "versionType": "semver"}]}], "references": [{"url": "https://www.ivanti.com/blog/security-update-for-ivanti-avalanche"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2024-04-24T23:12:51.975Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-125", "lang": "en", "description": "CWE-125 Out-of-bounds Read"}]}], "affected": [{"vendor": "ivanti", "product": "avalanche", "cpes": ["cpe:2.3:a:ivanti:avalanche:6.3.1:*:*:*:premise:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "6.3.1", "status": "affected", "lessThan": "6.4.3", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-20T15:24:31.900807Z", "id": "CVE-2024-23527", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-24T19:55:29.993Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:06:25.305Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.ivanti.com/blog/security-update-for-ivanti-avalanche", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.ivanti.com/blog/security-update-for-ivanti-avalanche", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:06:25.305Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23527", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-20T15:24:31.900807Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ivanti:avalanche:6.3.1:*:*:*:premise:*:*:*"], "vendor": "ivanti", "product": "avalanche", "versions": [{"status": "affected", "version": "6.3.1", "lessThan": "6.4.3", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-20T15:27:19.451Z"}}], "cna": {"metrics": [{"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "Ivanti", "product": "Avalanche", "versions": [{"status": "affected", "version": "6.4.3", "lessThan": "6.4.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ivanti.com/blog/security-update-for-ivanti-avalanche"}], "descriptions": [{"lang": "en", "value": "An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. "}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2024-04-24T23:12:51.975Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23527", "state": "PUBLISHED", "dateUpdated": "2025-03-24T19:55:29.993Z", "dateReserved": "2024-01-18T01:04:07.196Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2024-04-24T23:12:51.975Z", "assignerShortName": "hackerone"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ivanti:avalanche:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA272C74-8C77-482D-A85E-EBC9436C1697", "versionEndExcluding": "6.4.3.528", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. "}, {"lang": "es", "value": "Una vulnerabilidad de lectura fuera de los l\u00edmites en el componente WLAvalancheService de Ivanti Avalanche anterior a 6.4.3, en ciertas condiciones, puede permitir que un atacante remoto no autenticado lea informaci\u00f3n confidencial en la memoria."}], "id": "CVE-2024-23527", "lastModified": "2025-05-06T13:35:39.873", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "support@hackerone.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-25T06:15:54.657", "references": [{"source": "support@hackerone.com", "tags": ["Vendor Advisory"], "url": "https://www.ivanti.com/blog/security-update-for-ivanti-avalanche"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.ivanti.com/blog/security-update-for-ivanti-avalanche"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}