HTTP: Ivanti Avalanche Enterprise Service Arbitrary File Upload
This signature detects attempts to exploit a known vulnerability against Ivanti Avalanche Enterprise Service. A successful attack can lead to arbitrary code execution.
Extended Description
An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM.
Affected Products
Ivanti avalanche
References
CVE: CVE-2023-32564
URL: http://www.zerodayinitiative.com/advisories/ZDI-23-456/ https://download.wavelink.com/Files/avalanche_v6.4.0_release_notes.txt https://download.wavelink.com/Files/avalanche_v6.4.1_release_notes.txt http://www.zerodayinitiative.com/advisories/ZDI-23-1117/ https://www.zerodayinitiative.com/advisories/ZDI-24-056/ http://www.zerodayinitiative.com/advisories/ZDI-24-055/ http://www.zerodayinitiative.com/advisories/ZDI-24-504/ https://www.zerodayinitiative.com/advisories/ZDI-23-1119/
Short Name
HTTP:CTS:IVANTI-AVA-ES-FUPLOAD
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Arbitrary Avalanche CVE-2021-42125 CVE-2023-28128 CVE-2023-32562 CVE-2023-32564 CVE-2023-46263 CVE-2023-46264 CVE-2024-29848 Enterprise File Ivanti Service Upload
Release Date
01/20/2022
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3806
False Positive
Unknown
Vendors
Ivanti
CVSS Score
6.5