Lucene search
HistoryMay 09, 2023 - 10:15 p.m.
CVE-2023-28128
cve-2023-28128
unrestricted file upload
avalanche
vulnerability
remote code execution
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7 High
AI Score
Confidence
High
0.13 Low
EPSS
Percentile
95.5%
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution.
Affected configurations
Node
ivantiavalancheRange≤6.3.4.153
| CPE | Name | Operator | Version |
|---|---|---|---|
| ivanti:avalanche | ivanti avalanche | le | 6.3.4.153 |
CNA Affected
[
{
"vendor": "n/a",
"product": "Avalanche",
"versions": [
{
"version": "Avalanche version 6.3.x and below",
"status": "affected"
}
]
}
]Related
cvelist
cvelist
CVE-2023-28128
2023-05-09 00:00:00
nvd
nvd
CVE-2023-28128
2023-05-09 22:15:09
zdi
zdi
zdt
zdt
Ivanti Avalanche FileStoreConfig Shell Upload Exploit
2023-05-19 00:00:00
prion
prion
Unrestricted file upload
2023-05-09 22:15:00
metasploit
metasploit
Ivanti Avalanche FileStoreConfig File Upload
2023-05-04 23:03:02
packetstorm
packetstorm
Ivanti Avalanche FileStoreConfig Shell Upload
2023-05-16 00:00:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2023-05-19 18:44:30
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7 High
AI Score
Confidence
High
0.13 Low
EPSS
Percentile
95.5%
Related for CVE-2023-28128