NVD:CVE-2023-32560
History: Aug 10, 2023 - 8:15 p.m.

CVE-2023-32560

2023-08-10 20:15:10
CWE-787
web.nvd.nist.gov
Tags: vulnerability, wavelink avalanche manager, cve-2023-32560, attacker, crafted message, service disruption, code execution, tenable, version 6.4.1

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.4
Confidence: High

EPSS: 0.692
Percentile: 98.1%

An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution.

Thanks to a Researcher at Tenable for finding and reporting.

Fixed in version 6.4.1.

Affected configurations

Nvd
Node: ivanti avalanche, Range: <6.4.1

Vendor: ivanti
Product: avalanche
Version: *
CPE: cpe:2.3:a:ivanti:avalanche:*:*:*:*:*:*:*:*
