CVE-2024-24992

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
Configurations

No configuration.

History

21 Nov 2024, 09:00

Type Values Removed Values Added
References () ZDI-CAN-22854https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed?language=en_US - () ZDI-CAN-22854https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed?language=en_US -

03 Jul 2024, 01:48

Type Values Removed Values Added
CWE CWE-22

19 Apr 2024, 13:10

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de Path Traversal en el componente web de Ivanti Avalanche anterior a 6.4.3 permite a un atacante remoto autenticado ejecutar comandos arbitrarios como SYSTEM.

19 Apr 2024, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-19 02:15

Updated : 2024-11-21 09:00


NVD link : CVE-2024-24992

Mitre link : CVE-2024-24992

CVE.ORG link : CVE-2024-24992


JSON object : View

Products Affected

No product.

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')