Vulnerability Description
An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM.
CVSS Score
7.2
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ivanti | Avalanche | < 6.4.3.602 |
Related Weaknesses (CWE)
References
- https://forums.ivanti.com/s/article/Security-Advisory-May-2024Vendor Advisory
- https://forums.ivanti.com/s/article/Avalanche-6-4-3-602-additional-security-hardVendor Advisory
- https://forums.ivanti.com/s/article/Security-Advisory-May-2024Vendor Advisory
- https://forums.ivanti.com/s/article/Avalanche-6-4-3-602-additional-security-hardVendor Advisory
FAQ
What is CVE-2024-29848?
CVE-2024-29848 is a vulnerability with a CVSS score of 7.2 (HIGH). An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM.
How severe is CVE-2024-29848?
CVE-2024-29848 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-29848?
Check the references section above for vendor advisories and patch information. Affected products include: Ivanti Avalanche.