APP: Ivanti Avalanche PrinterDeviceServer Service Command Injection
This signature detects attempts to exploit a known vulnerability against Ivanti Avalanche PrinterDeviceServer Service. A successful attack can lead to command injection and arbitrary code execution.
Extended Description
A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution.
Affected Products
Ivanti avalanche
References
CVE: CVE-2021-42131
URL: http://www.zerodayinitiative.com/advisories/ZDI-21-1327/ http://www.zerodayinitiative.com/advisories/ZDI-21-1302/ http://www.zerodayinitiative.com/advisories/ZDI-22-777/ https://download.wavelink.com/Files/avalanche_v6.3.4_release_notes.txt http://www.zerodayinitiative.com/advisories/ZDI-22-781/ http://www.zerodayinitiative.com/advisories/ZDI-22-788/ http://www.zerodayinitiative.com/advisories/ZDI-22-780/ http://www.zerodayinitiative.com/advisories/ZDI-22-778/
Short Name
APP:MISC:IVANTI-PDS-SRV-CMD-INJ
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
Avalanche CVE-2021-42131 CVE-2021-42132 Command Injection Ivanti PrinterDeviceServer Service
Release Date
03/22/2022
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3590
Port
TCP/7225
False Positive
Unknown
Vendors
Ivanti
CVSS Score
6.5