This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: Ivanti Avalanche suffers from a **Path Traversal** vulnerability.β¦
π‘οΈ **Root Cause**: The flaw lies in the **javax.faces.resource** component. <br>β **Flaw**: It fails to properly sanitize user input, allowing path traversal sequences to access files outside the intended directory.
Q3Who is affected? (Versions/Components)
π― **Affected**: **Ivanti Avalanche** Enterprise Mobile Device Management. <br>π¦ **Version**: Specifically tested on **v6.3.4.153**. Other versions may also be at risk.
Q4What can hackers do? (Privileges/Data)
π» **Hackers' Power**: Gain **Unauthenticated** access to files. <br>π **Target**: Any file under `C:\PROGRAM DATA\Wavelink\AVALANCHE\Web\webapps\AvalancheWeb`.β¦
π **Threshold**: **LOW**. <br>π€ **Auth**: **Unauthenticated** (No login required!). <br>βοΈ **Config**: Works on default configurations, making it easy to exploit.
Q6Is there a public Exp? (PoC/Wild Exploitation)
π₯ **Exploit Status**: **YES**. <br>π **PoC**: Publicly available on GitHub (JBalanza/CVE-2023-41474). <br>β οΈ **Risk**: Wild exploitation is possible since the proof-of-concept is open source.
Q7How to self-check? (Features/Scanning)
π **Self-Check**: Scan for the **javax.faces.resource** endpoint. <br>π§ͺ **Test**: Attempt to request files with `.xml` or `.html` extensions using path traversal characters (e.g., `../`).β¦
π¨ **Urgency**: **HIGH**. <br>β‘ **Why**: It is **Unauthenticated** and has a **Public PoC**. <br>π **Action**: Patch immediately or apply mitigations to prevent data leakage.