Aug 10, 2023 - 8:15 p.m.

CVE-2023-32560

2023-08-10 20:15:10
CWE-787
web.nvd.nist.gov
information security
cve-2023-32560
vulnerability
wavelink avalanche manager
code execution
service disruption
nvd
tenable

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.2 High (Confidence: High)

EPSS: 0.558 Medium (Percentile: 97.7%)

An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution.

Thanks to a researcher at Tenable for finding and reporting.

Fixed in version 6.4.1.

Affected configurations

NVD
Node: ivanti avalanche, Range: <6.4.1

CNA Affected

[
  {
    "defaultStatus": "affected",
    "vendor": "Ivanti",
    "product": "Avalanche",
    "versions": [
      {
        "version": "6.4.1",
        "status": "unaffected",
        "lessThan": "6.4.1",
        "versionType": "custom"
      }
    ]
  }
]
