CVE-2024-13179

High

Published: 14 January 2025

Published

14 January 2025

Modified

16 January 2025

KEV Added

—

Patch

—

CVSS Score 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0098 76.8th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.

Security Summary

CVE-2024-13179 is a path traversal vulnerability (CWE-22) in Ivanti Avalanche versions prior to 6.4.7 that allows a remote unauthenticated attacker to bypass authentication (CWE-288). Published on January 14, 2025, it carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating high severity due to its network accessibility and lack of prerequisites.

A remote unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction. Exploitation enables bypassing authentication, potentially resulting in low-impact confidentiality disclosure, integrity modification, and availability disruption.

Ivanti's security advisory for Avalanche 6.4.7 details multiple CVEs, including this one, and recommends upgrading to version 6.4.7 to mitigate the issues.

Details

CWE(s): CWE-22CWE-288

Affected Products

ivanti

avalanche

≤ 6.4.7

References

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-7-Multiple-CVEs
Vendor Advisory · 3c1d8aa1-5a33-4ea4-8992-aadd6440af75