Lucene search
HackeroneCVELIST:CVE-2023-46223HistoryDec 19, 2023 - 3:43 p.m.
CVE-2023-46223
2023-12-1915:43:26
hackerone
www.cve.org
1
attacker
crafted data packets
memory corruption
dos
code execution
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.8
Confidence
High
EPSS
0.002
Percentile
55.8%
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
CNA Affected
[
{
"defaultStatus": "affected",
"vendor": "Ivanti",
"product": "Avalanche",
"versions": [
{
"version": "6.4.1",
"status": "unaffected",
"lessThanOrEqual": "6.4.1",
"versionType": "semver"
}
]
}
]Related
zdi
zdi
cve
cve
CVE-2023-46223
2023-12-19 16:15:09
vulnrichment
vulnrichment
CVE-2023-46223
2023-12-19 15:43:26
nvd
nvd
CVE-2023-46223
2023-12-19 16:15:09
prion
prion
Memory corruption
2023-12-19 16:15:00
nessus
nessus
Ivanti Avalanche < 6.4.2 Multiple Vulnerabilities
2024-02-09 00:00:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.8
Confidence
High
EPSS
0.002
Percentile
55.8%
Related for CVELIST:CVE-2023-46223