Lucene search
HistoryDec 19, 2023 - 4:15 p.m.
CVE-2023-46262
cve-2023-46262
unauthenticated attack
server-side request forgery
ivanti avalanche remote control server
nvd
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.008 Low
EPSS
Percentile
81.6%
An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server.
Affected configurations
Node
ivantiavalancheRange≤6.4.1
| CPE | Name | Operator | Version |
|---|---|---|---|
| ivanti:avalanche | ivanti avalanche | le | 6.4.1 |
CNA Affected
[
{
"defaultStatus": "unaffected",
"vendor": "Ivanti",
"product": "Avalanche",
"versions": [
{
"version": "6.4.1",
"status": "affected",
"lessThanOrEqual": "6.4.1",
"versionType": "semver"
}
]
}
]Related
zdi
zdi
cvelist
cvelist
CVE-2023-46262
2023-12-19 15:43:26
prion
prion
Server side request forgery (ssrf)
2023-12-19 16:15:00
nvd
nvd
CVE-2023-46262
2023-12-19 16:15:11
nessus
nessus
Ivanti Avalanche < 6.4.2 Multiple Vulnerabilities
2024-02-09 00:00:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.008 Low
EPSS
Percentile
81.6%
Related for CVE-2023-46262