Vulnérabilité CVE-2023-32563 CVE Vulnerability

An unauthenticated attacker could achieve the code execution through a RemoteControl server. (CVSS:9.8) (Last Update:2023-08-15 20:10:37)

Vulnerability Details :

An unauthenticated attacker could achieve the code execution through a RemoteControl server.

Published 2023-08-10 20:15:10

Updated 2023-08-15 20:10:37

View at NVD, CVE.org

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 %EPSS Score History EPSS FAQ

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
8.8	HIGH	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	[email protected]
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	[email protected]
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Assigned by: [email protected] (Primary)

Ivanti » Avalanche
Versions before (<) 6.4.1
cpe:2.3:a:ivanti:avalanche:*:*:*:*:*:*:*:*
Matching versions