APP: Ivanti Avalanche Insecure Deserialization
This signature detects attempts to exploit a known vulnerability against Ivanti Avalanche. A successful attack can lead to arbitrary code execution.
Extended Description
A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service.
Affected Products
Ivanti avalanche
References
CVE: CVE-2022-36971
URL: http://www.zerodayinitiative.com/advisories/ZDI-21-1323/ http://www.zerodayinitiative.com/advisories/ZDI-21-1326/ http://www.zerodayinitiative.com/advisories/ZDI-22-782/ https://download.wavelink.com/Files/avalanche_v6.3.4_release_notes.txt http://www.zerodayinitiative.com/advisories/ZDI-22-783/ http://www.zerodayinitiative.com/advisories/ZDI-22-779/ http://www.zerodayinitiative.com/advisories/ZDI-22-776/
Short Name
APP:MISC:IVANTI-MUL-INSEC-DSRLZ
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
Avalanche CVE-2021-42127 CVE-2021-42130 CVE-2022-36971 CVE-2022-36974 Deserialization Insecure Ivanti
Release Date
04/05/2022
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
Sigpack Version
3590
Port
TCP/7225
False Positive
Unknown
Vendors
Ivanti
CVSS Score
6.5
7.5