Lucene search

[email protected]NVD:CVE-2024-37399

HistoryAug 14, 2024 - 3:15 a.m.

CVE-2024-37399

2024-08-1403:15:04

CWE-476

[email protected]

web.nvd.nist.gov

cve-2024-37399

wlavalancheservice

ivanti avalanche

remote unauthenticated attacker

crash

denial of service

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.004

Percentile

73.8%

JSON

A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.

Affected configurations

Nvd

Node

ivantiavalancheMatch6.3.1premise

ivantiavalancheMatch6.3.1.1507premise

ivantiavalancheMatch6.3.2

ivantiavalancheMatch6.3.2windows

ivantiavalancheMatch6.3.2premise

ivantiavalancheMatch6.3.2.3490

ivantiavalancheMatch6.3.2.3490premise

ivantiavalancheMatch6.3.3

ivantiavalancheMatch6.3.3premise

ivantiavalancheMatch6.3.3.101

ivantiavalancheMatch6.3.3.101premise

ivantiavalancheMatch6.3.4

ivantiavalancheMatch6.3.4premise

ivantiavalancheMatch6.3.4.153premise

ivantiavalancheMatch6.4.0

ivantiavalancheMatch6.4.1

ivantiavalancheMatch6.4.1premise

ivantiavalancheMatch6.4.1.207premise

ivantiavalancheMatch6.4.1.236premise

ivantiavalancheMatch6.4.2premise

VendorProductVersionCPE
ivantiavalanche6.3.1cpe:2.3:a:ivanti:avalanche:6.3.1:*:*:*:premise:*:*:*
ivantiavalanche6.3.1.1507cpe:2.3:a:ivanti:avalanche:6.3.1.1507:*:*:*:premise:*:*:*
ivantiavalanche6.3.2cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:*:*:*:*
ivantiavalanche6.3.2cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:*:windows:*:*
ivantiavalanche6.3.2cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:premise:*:*:*
ivantiavalanche6.3.2.3490cpe:2.3:a:ivanti:avalanche:6.3.2.3490:*:*:*:*:*:*:*
ivantiavalanche6.3.2.3490cpe:2.3:a:ivanti:avalanche:6.3.2.3490:*:*:*:premise:*:*:*
ivantiavalanche6.3.3cpe:2.3:a:ivanti:avalanche:6.3.3:*:*:*:*:*:*:*
ivantiavalanche6.3.3cpe:2.3:a:ivanti:avalanche:6.3.3:*:*:*:premise:*:*:*
ivantiavalanche6.3.3.101cpe:2.3:a:ivanti:avalanche:6.3.3.101:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ivanti	avalanche	6.3.1	cpe:2.3:a:ivanti:avalanche:6.3.1::::premise:::
ivanti	avalanche	6.3.1.1507	cpe:2.3:a:ivanti:avalanche:6.3.1.1507::::premise:::
ivanti	avalanche	6.3.2	cpe:2.3:a:ivanti:avalanche:6.3.2:::::::*
ivanti	avalanche	6.3.2	cpe:2.3:a:ivanti:avalanche:6.3.2:::::windows::
ivanti	avalanche	6.3.2	cpe:2.3:a:ivanti:avalanche:6.3.2::::premise:::
ivanti	avalanche	6.3.2.3490	cpe:2.3:a:ivanti:avalanche:6.3.2.3490:::::::*
ivanti	avalanche	6.3.2.3490	cpe:2.3:a:ivanti:avalanche:6.3.2.3490::::premise:::
ivanti	avalanche	6.3.3	cpe:2.3:a:ivanti:avalanche:6.3.3:::::::*
ivanti	avalanche	6.3.3	cpe:2.3:a:ivanti:avalanche:6.3.3::::premise:::
ivanti	avalanche	6.3.3.101	cpe:2.3:a:ivanti:avalanche:6.3.3.101:::::::*