CVE-2023-46260
Ivanti Avalanche WLAvalancheService TV_NL Null Pointer Dereference Denial-of-Service Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
Un atacante que envía paquetes de datos especialmente manipulados a Mobile Device Server puede provocar daños en la memoria, lo que podría provocar una denegación de servicio (DoS) o la ejecución de código.
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the WLAvalancheService. The issue results from dereferencing a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-10-20 CVE Reserved
- 2023-12-19 CVE Published
- 2024-08-02 CVE Updated
- 2024-11-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt | 2023-12-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ivanti Search vendor "Ivanti" | Avalanche Search vendor "Ivanti" for product "Avalanche" | < 6.4.2 Search vendor "Ivanti" for product "Avalanche" and version " < 6.4.2" | premise |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|