CVE-2023-28128

Опубликовано: 09 мая 2023

Источник: nvd

CVSS3: 7.2

EPSS Высокий

Описание

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution.

Ссылки

http://packetstormsecurity.com/files/172398/Ivanti-Avalanche-FileStoreConfig-Shell-Upload.html
https://forums.ivanti.com/s/article/ZDI-CAN-17812-Ivanti-Avalanche-FileStoreConfig-Arbitrary-File-Upload-Remote-Code-Execution-Vulnerability?language=en_US
Vendor Advisory
http://packetstormsecurity.com/files/172398/Ivanti-Avalanche-FileStoreConfig-Shell-Upload.html
https://forums.ivanti.com/s/article/ZDI-CAN-17812-Ivanti-Avalanche-FileStoreConfig-Arbitrary-File-Upload-Remote-Code-Execution-Vulnerability?language=en_US
Vendor Advisory
https://packetstorm.news/files/id/172398

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ivanti:avalanche:*:*:*:*:*:*:*:*

Версия до 6.3.4.153 (включая)

EPSS

Процентиль: 99%

0.88064

Высокий

7.2 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-8mxm-mxmw-hjrg