Ivanti Avalanche 6.4.5 Security Advisory: SSRF/Path Traversal Vulnerabilities (CVE-2024-47008/47011/47010)

From this webpage screenshot, the following key vulnerability information can be obtained: 1. Vulnerability Name: Ivanti Avalanche 6.4.5 Security Advisory (Multiple CVE's) 2. Vulnerability Description: - CVE-2024-47008: Server-side request forgery in Ivanti Avalanche versions prior to 6.4.5 allows remote, unauthenticated attackers to leak sensitive information. - CVE-2024-47011: Path traversal in Ivanti Avalanche versions prior to 6.4.5 allows remote, unauthenticated attackers to leak sensitive information. - CVE-2024-47010: Path traversal in Ivanti Avalanche 6.4.5 allows remote, unauthenticated attackers to bypass authentication. 3. Vulnerability Severity: - CVE-2024-47008: High (7.5) - CVE-2024-47011: High (7.5) - CVE-2024-47010: High (7.3) 4. Affected Versions: - Avalanche 6.4.2.313 and earlier versions 5. Solution: - Download the Avalanche installer and upgrade to Avalanche 6.4.5. - The installation will apply fixes for each CVE listed. 6. Affected CPE: - cpe:2.3:a:ivanti:avalanche:6.4.2::::premise:: 7. Fixed Version: - 6.4.5 8. Patch Availability: - Download Portal: https://www.wavelink.com/Download-Avalanche_Mobile-Device-Management-Software/ 9. FAQ: - 1. Are there known active exploits? - We are not aware of any customers being exploited prior to public disclosure. - 2. How to determine if already attacked? - There are no known public exploits at this time; therefore, no indicators of compromise can be provided. - 3. What to do if needing help?** - If you have any questions, please log a case or request phone support. This information helps users understand the details of the vulnerabilities, affected versions, remediation steps, and how to obtain further assistance.

Goal Reached Thanks to every supporter — we hit 100%!

Ivanti Avalanche 6.4.5 Security Advisory: SSRF/Path Traversal Vulnerabilities (CVE-2024-47008/47011/47010)