CVE-2024-29848

Summary

An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM.

Affected Software

VendorProductVersion RangeStatus
IvantiAvalanche6.4.3 <= 6.4.3affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

Additional References

CVE Program Container

Additional References

References