CVE-2021-30497
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive information via the C:/Windows/system32/config/system.sav value.
Ivanti Avalanche (Premise) versión 6.3.2 permite a usuarios remotos no autenticados leer archivos arbitrarios por medio de un Salto de Ruta Absoluto. No es verificado que el parámetro imageFilePath procesado por el endpoint /AvalancheWeb/image esté dentro del ámbito de la carpeta de imágenes, por ejemplo, el atacante puede obtener información confidencial por medio del valor C:/Windows/system32/config/system.sav
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-04-11 CVE Reserved
- 2022-04-06 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-09-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://ssd-disclosure.com/ssd-advisory-ivanti-avalanche-directory-traversal | 2024-08-03 |
| URL | Date | SRC |
|---|---|---|
| https://forums.ivanti.com/s/article/Security-Alert-CVE-2021-30497-Directory-Traversal-Vulnerability?language=en_US | 2022-04-13 |
| URL | Date | SRC |
|---|---|---|
| https://help.ivanti.com/wl/help/en_us/aod/5.4/Avalanche/Console/Launching_the_Avalanche.htm | 2022-04-13 |