Vulnerability-Lookup

WID-SEC-W-2023-3198

Vulnerability from csaf_certbund - Published: 2023-12-20 23:00 - Updated: 2023-12-20 23:00

Summary

Ivanti Avalanche: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Ivanti Avalanche ist eine Mobile Device Management Lösung.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Ivanti Avalanche ausnutzen, um Code auszuführen, einen Denial of Service zu verursachen, Informationen preiszugeben und Sicherheitsvorkehrungen zu umgehen.

Betroffene Betriebssysteme: - Windows - Sonstiges

CVE-2023-46804

In Ivanti Avalanche existieren mehrere Schwachstellen aufgrund von Pufferüberläufen, Nullzeiger-Dereferenzierung, Divide by Zero, Datei-Upload und SSRF-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Code auszuführen, einen Denial of Service zu verursachen, Informationen preiszugeben und Sicherheitsvorkehrungen zu umgehen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich.

CVE-2023-46803

CVE-2023-46266

CVE-2023-46265

CVE-2023-46264

CVE-2023-46263

CVE-2023-46262

CVE-2023-46261

CVE-2023-46260

CVE-2023-46259

CVE-2023-46258

CVE-2023-46257

CVE-2023-46225

CVE-2023-46224

CVE-2023-46223

CVE-2023-46222

CVE-2023-46221

CVE-2023-46220

CVE-2023-46217

CVE-2023-46216

CVE-2023-41727

CVE-2021-22962

References

URL

Category

	https://wid.cert-bund.de/.well-known/csaf/white/2…	self
	https://wid.cert-bund.de/portal/wid/securityadvis…	self
	https://forums.ivanti.com/s/article/Avalanche-6-4…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Ivanti Avalanche ist eine Mobile Device Management L\u00f6sung.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Ivanti Avalanche ausnutzen, um Code auszuf\u00fchren, einen Denial of Service zu verursachen, Informationen preiszugeben und Sicherheitsvorkehrungen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows\n- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-3198 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3198.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-3198 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3198"
      },
      {
        "category": "external",
        "summary": "Ivanti Security Advisory vom 2023-12-20",
        "url": "https://forums.ivanti.com/s/article/Avalanche-6-4-2-Security-Hardening-and-CVEs-addressed"
      }
    ],
    "source_lang": "en-US",
    "title": "Ivanti Avalanche: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-12-20T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:03:04.250+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-3198",
      "initial_release_date": "2023-12-20T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-12-20T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ivanti Avalanche \u003c 6.4.2",
            "product": {
              "name": "Ivanti Avalanche \u003c 6.4.2",
              "product_id": "T031786",
              "product_identification_helper": {
                "cpe": "cpe:/a:ivanti:avalanche:6.4.2"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ivanti"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-46804",
      "notes": [
        {
          "category": "description",
          "text": "In Ivanti Avalanche existieren mehrere Schwachstellen aufgrund von Puffer\u00fcberl\u00e4ufen, Nullzeiger-Dereferenzierung, Divide by Zero, Datei-Upload und SSRF-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Code auszuf\u00fchren, einen Denial of Service zu verursachen, Informationen preiszugeben und Sicherheitsvorkehrungen zu umgehen. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2023-12-20T23:00:00.000+00:00",
      "title": "CVE-2023-46804"
    },
    {
      "cve": "CVE-2023-46803",
      "notes": [
        {
          "category": "description",
          "text": "In Ivanti Avalanche existieren mehrere Schwachstellen aufgrund von Puffer\u00fcberl\u00e4ufen, Nullzeiger-Dereferenzierung, Divide by Zero, Datei-Upload und SSRF-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Code auszuf\u00fchren, einen Denial of Service zu verursachen, Informationen preiszugeben und Sicherheitsvorkehrungen zu umgehen. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2023-12-20T23:00:00.000+00:00",
      "title": "CVE-2023-46803"
    },
    {
      "cve": "CVE-2023-46266",
      "notes": [
        {
          "category": "description",
          "text": "In Ivanti Avalanche existieren mehrere Schwachstellen aufgrund von Puffer\u00fcberl\u00e4ufen, Nullzeiger-Dereferenzierung, Divide by Zero, Datei-Upload und SSRF-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Code auszuf\u00fchren, einen Denial of Service zu verursachen, Informationen preiszugeben und Sicherheitsvorkehrungen zu umgehen. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2023-12-20T23:00:00.000+00:00",
      "title": "CVE-2023-46266"
    },
    {
      "cve": "CVE-2023-46265",
      "notes": [
        {
          "category": "description",
          "text": "In Ivanti Avalanche existieren mehrere Schwachstellen aufgrund von Puffer\u00fcberl\u00e4ufen, Nullzeiger-Dereferenzierung, Divide by Zero, Datei-Upload und SSRF-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Code auszuf\u00fchren, einen Denial of Service zu verursachen, Informationen preiszugeben und Sicherheitsvorkehrungen zu umgehen. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2023-12-20T23:00:00.000+00:00",
      "title": "CVE-2023-46265"
    },
    {
      "cve": "CVE-2023-46264",
      "notes": [
        {
          "category": "description",
          "text": "In Ivanti Avalanche existieren mehrere Schwachstellen aufgrund von Puffer\u00fcberl\u00e4ufen, Nullzeiger-Dereferenzierung, Divide by Zero, Datei-Upload und SSRF-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Code auszuf\u00fchren, einen Denial of Service zu verursachen, Informationen preiszugeben und Sicherheitsvorkehrungen zu umgehen. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2023-12-20T23:00:00.000+00:00",
      "title": "CVE-2023-46264"
    },
    {
      "cve": "CVE-2023-46263",
      "notes": [
        {
          "category": "description",
          "text": "In Ivanti Avalanche existieren mehrere Schwachstellen aufgrund von Puffer\u00fcberl\u00e4ufen, Nullzeiger-Dereferenzierung, Divide by Zero, Datei-Upload und SSRF-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Code auszuf\u00fchren, einen Denial of Service zu verursachen, Informationen preiszugeben und Sicherheitsvorkehrungen zu umgehen. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2023-12-20T23:00:00.000+00:00",
      "title": "CVE-2023-46263"
    },
    {
      "cve": "CVE-2023-46262",
      "notes": [
        {
          "category": "description",
          "text": "In Ivanti Avalanche existieren mehrere Schwachstellen aufgrund von Puffer\u00fcberl\u00e4ufen, Nullzeiger-Dereferenzierung, Divide by Zero, Datei-Upload und SSRF-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Code auszuf\u00fchren, einen Denial of Service zu verursachen, Informationen preiszugeben und Sicherheitsvorkehrungen zu umgehen. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2023-12-20T23:00:00.000+00:00",
      "title": "CVE-2023-46262"
    },
    {
      "cve": "CVE-2023-46261",
      "notes": [
        {
          "category": "description",
          "text": "In Ivanti Avalanche existieren mehrere Schwachstellen aufgrund von Puffer\u00fcberl\u00e4ufen, Nullzeiger-Dereferenzierung, Divide by Zero, Datei-Upload und SSRF-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Code auszuf\u00fchren, einen Denial of Service zu verursachen, Informationen preiszugeben und Sicherheitsvorkehrungen zu umgehen. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2023-12-20T23:00:00.000+00:00",
      "title": "CVE-2023-46261"
    },
    {
      "cve": "CVE-2023-46260",
      "notes": [
        {
          "category": "description",
          "text": "In Ivanti Avalanche existieren mehrere Schwachstellen aufgrund von Puffer\u00fcberl\u00e4ufen, Nullzeiger-Dereferenzierung, Divide by Zero, Datei-Upload und SSRF-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Code auszuf\u00fchren, einen Denial of Service zu verursachen, Informationen preiszugeben und Sicherheitsvorkehrungen zu umgehen. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2023-12-20T23:00:00.000+00:00",
      "title": "CVE-2023-46260"
    },
    {
      "cve": "CVE-2023-46259",
      "notes": [
        {
          "category": "description",
          "text": "In Ivanti Avalanche existieren mehrere Schwachstellen aufgrund von Puffer\u00fcberl\u00e4ufen, Nullzeiger-Dereferenzierung, Divide by Zero, Datei-Upload und SSRF-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Code auszuf\u00fchren, einen Denial of Service zu verursachen, Informationen preiszugeben und Sicherheitsvorkehrungen zu umgehen. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2023-12-20T23:00:00.000+00:00",
      "title": "CVE-2023-46259"
    },
    {
      "cve": "CVE-2023-46258",
      "notes": [
        {
          "category": "description",
          "text": "In Ivanti Avalanche existieren mehrere Schwachstellen aufgrund von Puffer\u00fcberl\u00e4ufen, Nullzeiger-Dereferenzierung, Divide by Zero, Datei-Upload und SSRF-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Code auszuf\u00fchren, einen Denial of Service zu verursachen, Informationen preiszugeben und Sicherheitsvorkehrungen zu umgehen. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2023-12-20T23:00:00.000+00:00",
      "title": "CVE-2023-46258"
    },
    {
      "cve": "CVE-2023-46257",
      "notes": [
        {
          "category": "description",
          "text": "In Ivanti Avalanche existieren mehrere Schwachstellen aufgrund von Puffer\u00fcberl\u00e4ufen, Nullzeiger-Dereferenzierung, Divide by Zero, Datei-Upload und SSRF-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Code auszuf\u00fchren, einen Denial of Service zu verursachen, Informationen preiszugeben und Sicherheitsvorkehrungen zu umgehen. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2023-12-20T23:00:00.000+00:00",
      "title": "CVE-2023-46257"
    },
    {
      "cve": "CVE-2023-46225",
      "notes": [
        {
          "category": "description",
          "text": "In Ivanti Avalanche existieren mehrere Schwachstellen aufgrund von Puffer\u00fcberl\u00e4ufen, Nullzeiger-Dereferenzierung, Divide by Zero, Datei-Upload und SSRF-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Code auszuf\u00fchren, einen Denial of Service zu verursachen, Informationen preiszugeben und Sicherheitsvorkehrungen zu umgehen. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2023-12-20T23:00:00.000+00:00",
      "title": "CVE-2023-46225"
    },
    {
      "cve": "CVE-2023-46224",
      "notes": [
        {
          "category": "description",
          "text": "In Ivanti Avalanche existieren mehrere Schwachstellen aufgrund von Puffer\u00fcberl\u00e4ufen, Nullzeiger-Dereferenzierung, Divide by Zero, Datei-Upload und SSRF-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Code auszuf\u00fchren, einen Denial of Service zu verursachen, Informationen preiszugeben und Sicherheitsvorkehrungen zu umgehen. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2023-12-20T23:00:00.000+00:00",
      "title": "CVE-2023-46224"
    },
    {
      "cve": "CVE-2023-46223",
      "notes": [
        {
          "category": "description",
          "text": "In Ivanti Avalanche existieren mehrere Schwachstellen aufgrund von Puffer\u00fcberl\u00e4ufen, Nullzeiger-Dereferenzierung, Divide by Zero, Datei-Upload und SSRF-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Code auszuf\u00fchren, einen Denial of Service zu verursachen, Informationen preiszugeben und Sicherheitsvorkehrungen zu umgehen. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2023-12-20T23:00:00.000+00:00",
      "title": "CVE-2023-46223"
    },
    {
      "cve": "CVE-2023-46222",
      "notes": [
        {
          "category": "description",
          "text": "In Ivanti Avalanche existieren mehrere Schwachstellen aufgrund von Puffer\u00fcberl\u00e4ufen, Nullzeiger-Dereferenzierung, Divide by Zero, Datei-Upload und SSRF-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Code auszuf\u00fchren, einen Denial of Service zu verursachen, Informationen preiszugeben und Sicherheitsvorkehrungen zu umgehen. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2023-12-20T23:00:00.000+00:00",
      "title": "CVE-2023-46222"
    },
    {
      "cve": "CVE-2023-46221",
      "notes": [
        {
          "category": "description",
          "text": "In Ivanti Avalanche existieren mehrere Schwachstellen aufgrund von Puffer\u00fcberl\u00e4ufen, Nullzeiger-Dereferenzierung, Divide by Zero, Datei-Upload und SSRF-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Code auszuf\u00fchren, einen Denial of Service zu verursachen, Informationen preiszugeben und Sicherheitsvorkehrungen zu umgehen. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2023-12-20T23:00:00.000+00:00",
      "title": "CVE-2023-46221"
    },
    {
      "cve": "CVE-2023-46220",
      "notes": [
        {
          "category": "description",
          "text": "In Ivanti Avalanche existieren mehrere Schwachstellen aufgrund von Puffer\u00fcberl\u00e4ufen, Nullzeiger-Dereferenzierung, Divide by Zero, Datei-Upload und SSRF-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Code auszuf\u00fchren, einen Denial of Service zu verursachen, Informationen preiszugeben und Sicherheitsvorkehrungen zu umgehen. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2023-12-20T23:00:00.000+00:00",
      "title": "CVE-2023-46220"
    },
    {
      "cve": "CVE-2023-46217",
      "notes": [
        {
          "category": "description",
          "text": "In Ivanti Avalanche existieren mehrere Schwachstellen aufgrund von Puffer\u00fcberl\u00e4ufen, Nullzeiger-Dereferenzierung, Divide by Zero, Datei-Upload und SSRF-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Code auszuf\u00fchren, einen Denial of Service zu verursachen, Informationen preiszugeben und Sicherheitsvorkehrungen zu umgehen. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2023-12-20T23:00:00.000+00:00",
      "title": "CVE-2023-46217"
    },
    {
      "cve": "CVE-2023-46216",
      "notes": [
        {
          "category": "description",
          "text": "In Ivanti Avalanche existieren mehrere Schwachstellen aufgrund von Puffer\u00fcberl\u00e4ufen, Nullzeiger-Dereferenzierung, Divide by Zero, Datei-Upload und SSRF-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Code auszuf\u00fchren, einen Denial of Service zu verursachen, Informationen preiszugeben und Sicherheitsvorkehrungen zu umgehen. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2023-12-20T23:00:00.000+00:00",
      "title": "CVE-2023-46216"
    },
    {
      "cve": "CVE-2023-41727",
      "notes": [
        {
          "category": "description",
          "text": "In Ivanti Avalanche existieren mehrere Schwachstellen aufgrund von Puffer\u00fcberl\u00e4ufen, Nullzeiger-Dereferenzierung, Divide by Zero, Datei-Upload und SSRF-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Code auszuf\u00fchren, einen Denial of Service zu verursachen, Informationen preiszugeben und Sicherheitsvorkehrungen zu umgehen. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2023-12-20T23:00:00.000+00:00",
      "title": "CVE-2023-41727"
    },
    {
      "cve": "CVE-2021-22962",
      "notes": [
        {
          "category": "description",
          "text": "In Ivanti Avalanche existieren mehrere Schwachstellen aufgrund von Puffer\u00fcberl\u00e4ufen, Nullzeiger-Dereferenzierung, Divide by Zero, Datei-Upload und SSRF-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Code auszuf\u00fchren, einen Denial of Service zu verursachen, Informationen preiszugeben und Sicherheitsvorkehrungen zu umgehen. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Benutzerinteraktion erforderlich."
        }
      ],
      "release_date": "2023-12-20T23:00:00.000+00:00",
      "title": "CVE-2021-22962"
    }
  ]
}

CVE-2023-46216 (GCVE-0-2023-46216)

Vulnerability from cvelistv5 – Published: 2023-12-19 15:43 – Updated: 2024-08-02 20:37

Summary

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Assigner

hackerone

References

URL

Tags

https://download.wavelink.com/Files/avalanche_v6.…

Impacted products

	Vendor	Product	Version
	Ivanti	Wavelink	Affected: 6.4.1 , ≤ 6.4.1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:37:40.148Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Wavelink",
          "vendor": "Ivanti",
          "versions": [
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-19T15:43:26.330Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2023-46216",
    "datePublished": "2023-12-19T15:43:26.330Z",
    "dateReserved": "2023-10-19T01:00:12.854Z",
    "dateUpdated": "2024-08-02T20:37:40.148Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-46223 (GCVE-0-2023-46223)

Vulnerability from cvelistv5 – Published: 2023-12-19 15:43 – Updated: 2024-08-02 20:37

Summary

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-121 - Stack-based Buffer Overflow

Assigner

hackerone

References

URL

Tags

https://download.wavelink.com/Files/avalanche_v6.…

Impacted products

	Vendor	Product	Version
	Ivanti	Avalanche	Unaffected: 6.4.1 , ≤ 6.4.1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:ivanti:avalanche:6.4.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "avalanche",
            "vendor": "ivanti",
            "versions": [
              {
                "status": "affected",
                "version": "6.4.1"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-46223",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-17T19:55:44.881425Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-121",
                "description": "CWE-121 Stack-based Buffer Overflow",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-17T20:17:22.738Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:37:40.182Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Avalanche",
          "vendor": "Ivanti",
          "versions": [
            {
              "lessThanOrEqual": "6.4.1",
              "status": "unaffected",
              "version": "6.4.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-19T15:43:26.253Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2023-46223",
    "datePublished": "2023-12-19T15:43:26.253Z",
    "dateReserved": "2023-10-19T01:00:12.855Z",
    "dateUpdated": "2024-08-02T20:37:40.182Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-46221 (GCVE-0-2023-46221)

Vulnerability from cvelistv5 – Published: 2023-12-19 15:43 – Updated: 2024-08-02 20:37

Summary

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Assigner

hackerone

References

URL

Tags

https://download.wavelink.com/Files/avalanche_v6.…

Impacted products

	Vendor	Product	Version
	Ivanti	Avalanche	Unaffected: 6.4.1 , ≤ 6.4.1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:37:40.137Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Avalanche",
          "vendor": "Ivanti",
          "versions": [
            {
              "lessThanOrEqual": "6.4.1",
              "status": "unaffected",
              "version": "6.4.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-19T15:43:26.331Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2023-46221",
    "datePublished": "2023-12-19T15:43:26.331Z",
    "dateReserved": "2023-10-19T01:00:12.855Z",
    "dateUpdated": "2024-08-02T20:37:40.137Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-46220 (GCVE-0-2023-46220)

Vulnerability from cvelistv5 – Published: 2023-12-19 15:43 – Updated: 2024-08-02 20:37

Summary

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Assigner

hackerone

References

URL

Tags

https://download.wavelink.com/Files/avalanche_v6.…

Impacted products

	Vendor	Product	Version
	Ivanti	Avalanche	Unaffected: 6.4.1 , ≤ 6.4.1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:37:40.128Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Avalanche",
          "vendor": "Ivanti",
          "versions": [
            {
              "lessThanOrEqual": "6.4.1",
              "status": "unaffected",
              "version": "6.4.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-19T15:43:26.358Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2023-46220",
    "datePublished": "2023-12-19T15:43:26.358Z",
    "dateReserved": "2023-10-19T01:00:12.855Z",
    "dateUpdated": "2024-08-02T20:37:40.128Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-46260 (GCVE-0-2023-46260)

Vulnerability from cvelistv5 – Published: 2023-12-19 15:43 – Updated: 2024-11-27 15:13

Summary

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

Severity ?

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Assigner

hackerone

References

URL

Tags

https://download.wavelink.com/Files/avalanche_v6.…

Impacted products

	Vendor	Product	Version
	Ivanti	Avalanche	Affected: 6.4.1 , ≤ 6.4.1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:37:40.187Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-46260",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-27T15:13:41.162725Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-27T15:13:51.763Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Avalanche",
          "vendor": "Ivanti",
          "versions": [
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-19T15:43:26.348Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2023-46260",
    "datePublished": "2023-12-19T15:43:26.348Z",
    "dateReserved": "2023-10-20T01:00:13.074Z",
    "dateUpdated": "2024-11-27T15:13:51.763Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-46264 (GCVE-0-2023-46264)

Vulnerability from cvelistv5 – Published: 2023-12-19 15:43 – Updated: 2024-09-04 19:43

Summary

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution.

Severity ?

7.2 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Assigner

hackerone

References

URL

Tags

https://download.wavelink.com/Files/avalanche_v6.…

Impacted products

	Vendor	Product	Version
	Ivanti	Avalanche	Affected: 6.4.1 , ≤ 6.4.1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:37:40.155Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:ivanti:avalanche:-:*:*:*:premise:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "avalanche",
            "vendor": "ivanti",
            "versions": [
              {
                "lessThanOrEqual": "6.4.1",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-46264",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T19:42:53.744981Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T19:43:27.139Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Avalanche",
          "vendor": "Ivanti",
          "versions": [
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-19T15:43:26.340Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2023-46264",
    "datePublished": "2023-12-19T15:43:26.340Z",
    "dateReserved": "2023-10-20T01:00:13.075Z",
    "dateUpdated": "2024-09-04T19:43:27.139Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-46265 (GCVE-0-2023-46265)

Vulnerability from cvelistv5 – Published: 2023-12-19 15:43 – Updated: 2024-09-16 18:34

Summary

An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).

Severity ?

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CWE

CWE-611 - Improper Restriction of XML External Entity Reference

Assigner

hackerone

References

URL

Tags

https://download.wavelink.com/Files/avalanche_v6.…

Impacted products

	Vendor	Product	Version
	Ivanti	Avalanche	Affected: 6.4.1 , ≤ 6.4.1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:37:40.243Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-46265",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-16T18:34:06.443922Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-611",
                "description": "CWE-611 Improper Restriction of XML External Entity Reference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-16T18:34:33.258Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Avalanche",
          "vendor": "Ivanti",
          "versions": [
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-19T15:43:26.312Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2023-46265",
    "datePublished": "2023-12-19T15:43:26.312Z",
    "dateReserved": "2023-10-20T01:00:13.075Z",
    "dateUpdated": "2024-09-16T18:34:33.258Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-46222 (GCVE-0-2023-46222)

Vulnerability from cvelistv5 – Published: 2023-12-19 15:43 – Updated: 2024-08-02 20:37

Summary

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Assigner

hackerone

References

URL

Tags

https://download.wavelink.com/Files/avalanche_v6.…

Impacted products

	Vendor	Product	Version
	Ivanti	Avalanche	Unaffected: 6.4.1 , ≤ 6.4.1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:37:40.176Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Avalanche",
          "vendor": "Ivanti",
          "versions": [
            {
              "lessThanOrEqual": "6.4.1",
              "status": "unaffected",
              "version": "6.4.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-19T15:43:26.329Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2023-46222",
    "datePublished": "2023-12-19T15:43:26.329Z",
    "dateReserved": "2023-10-19T01:00:12.855Z",
    "dateUpdated": "2024-08-02T20:37:40.176Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-46259 (GCVE-0-2023-46259)

Vulnerability from cvelistv5 – Published: 2023-12-19 15:43 – Updated: 2024-08-02 20:37

Summary

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Assigner

hackerone

References

URL

Tags

https://download.wavelink.com/Files/avalanche_v6.…

Impacted products

	Vendor	Product	Version
	Ivanti	Avalanche	Affected: 6.4.1 , ≤ 6.4.1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:37:40.250Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Avalanche",
          "vendor": "Ivanti",
          "versions": [
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-19T15:43:26.279Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2023-46259",
    "datePublished": "2023-12-19T15:43:26.279Z",
    "dateReserved": "2023-10-20T01:00:13.074Z",
    "dateUpdated": "2024-08-02T20:37:40.250Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-46217 (GCVE-0-2023-46217)

Vulnerability from cvelistv5 – Published: 2023-12-19 15:43 – Updated: 2024-11-27 15:13

Summary

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Assigner

hackerone

References

URL

Tags

https://download.wavelink.com/Files/avalanche_v6.…

Impacted products

	Vendor	Product	Version
	Ivanti	Wavelink	Affected: 6.4.1 , ≤ 6.4.1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:37:40.128Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-46217",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-03T17:07:41.626943Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-27T15:13:07.764Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Wavelink",
          "vendor": "Ivanti",
          "versions": [
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-19T15:43:26.322Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2023-46217",
    "datePublished": "2023-12-19T15:43:26.322Z",
    "dateReserved": "2023-10-19T01:00:12.854Z",
    "dateUpdated": "2024-11-27T15:13:07.764Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-46263 (GCVE-0-2023-46263)

Vulnerability from cvelistv5 – Published: 2023-12-19 15:43 – Updated: 2024-08-02 20:37

Summary

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution.

Severity ?

7.2 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Assigner

hackerone

References

URL

Tags

https://download.wavelink.com/Files/avalanche_v6.…

Impacted products

	Vendor	Product	Version
	Ivanti	Avalanche	Affected: 6.4.1 , ≤ 6.4.1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:37:40.211Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Avalanche",
          "vendor": "Ivanti",
          "versions": [
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-19T15:43:26.291Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2023-46263",
    "datePublished": "2023-12-19T15:43:26.291Z",
    "dateReserved": "2023-10-20T01:00:13.075Z",
    "dateUpdated": "2024-08-02T20:37:40.211Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-22962 (GCVE-0-2021-22962)

Vulnerability from cvelistv5 – Published: 2023-12-19 15:43 – Updated: 2024-08-03 18:58

Summary

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.

Severity ?

7.3 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Assigner

hackerone

References

URL

Tags

https://download.wavelink.com/Files/avalanche_v6.…

Impacted products

	Vendor	Product	Version
	Ivanti	Avalanche	Affected: 6.4.1 , ≤ 6.4.1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:58:26.311Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Avalanche",
          "vendor": "Ivanti",
          "versions": [
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-19T15:43:26.251Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2021-22962",
    "datePublished": "2023-12-19T15:43:26.251Z",
    "dateReserved": "2021-01-06T21:03:15.082Z",
    "dateUpdated": "2024-08-03T18:58:26.311Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-46258 (GCVE-0-2023-46258)

Vulnerability from cvelistv5 – Published: 2023-12-19 15:43 – Updated: 2024-08-02 20:37

Summary

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Assigner

hackerone

References

URL

Tags

https://download.wavelink.com/Files/avalanche_v6.…

Impacted products

	Vendor	Product	Version
	Ivanti	Avalanche	Affected: 6.4.1 , ≤ 6.4.1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:37:40.140Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Avalanche",
          "vendor": "Ivanti",
          "versions": [
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-19T15:43:26.342Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2023-46258",
    "datePublished": "2023-12-19T15:43:26.342Z",
    "dateReserved": "2023-10-20T01:00:13.074Z",
    "dateUpdated": "2024-08-02T20:37:40.140Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-46266 (GCVE-0-2023-46266)

Vulnerability from cvelistv5 – Published: 2023-12-19 15:43 – Updated: 2024-08-02 20:37

Summary

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.

Severity ?

7.3 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Assigner

hackerone

References

URL

Tags

https://download.wavelink.com/Files/avalanche_v6.…

Impacted products

	Vendor	Product	Version
	Ivanti	Avalanche	Affected: 6.4.1 , ≤ 6.4.1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:37:40.234Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Avalanche",
          "vendor": "Ivanti",
          "versions": [
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-19T15:43:26.348Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2023-46266",
    "datePublished": "2023-12-19T15:43:26.348Z",
    "dateReserved": "2023-10-20T01:00:13.075Z",
    "dateUpdated": "2024-08-02T20:37:40.234Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-46224 (GCVE-0-2023-46224)

Vulnerability from cvelistv5 – Published: 2023-12-19 15:43 – Updated: 2024-09-16 18:31

Summary

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-787 - Out-of-bounds Write

Assigner

hackerone

References

URL

Tags

https://download.wavelink.com/Files/avalanche_v6.…

Impacted products

	Vendor	Product	Version
	Ivanti	Avalanche	Affected: 6.4.1 , ≤ 6.4.1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:37:40.143Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-46224",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-14T17:01:07.077199Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-16T18:31:43.409Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Avalanche",
          "vendor": "Ivanti",
          "versions": [
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-19T15:43:26.338Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2023-46224",
    "datePublished": "2023-12-19T15:43:26.338Z",
    "dateReserved": "2023-10-19T01:00:12.855Z",
    "dateUpdated": "2024-09-16T18:31:43.409Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-46803 (GCVE-0-2023-46803)

Vulnerability from cvelistv5 – Published: 2023-12-19 15:43 – Updated: 2024-08-02 20:53

Summary

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS).

Severity ?

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Assigner

hackerone

References

URL

Tags

https://download.wavelink.com/Files/avalanche_v6.…

Impacted products

	Vendor	Product	Version
	Ivanti	Avalanche	Affected: 6.4.1 , ≤ 6.4.1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:53:21.704Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Avalanche",
          "vendor": "Ivanti",
          "versions": [
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-19T15:43:26.341Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2023-46803",
    "datePublished": "2023-12-19T15:43:26.341Z",
    "dateReserved": "2023-10-27T01:00:13.399Z",
    "dateUpdated": "2024-08-02T20:53:21.704Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-46257 (GCVE-0-2023-46257)

Vulnerability from cvelistv5 – Published: 2023-12-19 15:43 – Updated: 2025-05-06 18:54

Summary

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-787 - Out-of-bounds Write

Assigner

hackerone

References

URL

Tags

https://download.wavelink.com/Files/avalanche_v6.…

Impacted products

	Vendor	Product	Version
	Ivanti	Avalanche	Affected: 6.4.1 , ≤ 6.4.1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:37:40.159Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-46257",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-06T18:53:42.960963Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-06T18:54:15.799Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Avalanche",
          "vendor": "Ivanti",
          "versions": [
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-19T15:43:26.308Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2023-46257",
    "datePublished": "2023-12-19T15:43:26.308Z",
    "dateReserved": "2023-10-20T01:00:13.074Z",
    "dateUpdated": "2025-05-06T18:54:15.799Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-46804 (GCVE-0-2023-46804)

Vulnerability from cvelistv5 – Published: 2023-12-19 15:43 – Updated: 2024-08-02 20:53

Summary

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS).

Severity ?

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Assigner

hackerone

References

URL

Tags

https://download.wavelink.com/Files/avalanche_v6.…

Impacted products

	Vendor	Product	Version
	Ivanti	Avalanche	Affected: 6.4.1 , ≤ 6.4.1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:53:21.877Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Avalanche",
          "vendor": "Ivanti",
          "versions": [
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-19T15:43:26.303Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2023-46804",
    "datePublished": "2023-12-19T15:43:26.303Z",
    "dateReserved": "2023-10-27T01:00:13.399Z",
    "dateUpdated": "2024-08-02T20:53:21.877Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-41727 (GCVE-0-2023-41727)

Vulnerability from cvelistv5 – Published: 2023-12-19 15:43 – Updated: 2025-05-06 18:53

Summary

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-787 - Out-of-bounds Write

Assigner

hackerone

References

URL

Tags

https://download.wavelink.com/Files/avalanche_v6.…

Impacted products

	Vendor	Product	Version
	Ivanti	Wavelink	Affected: 6.4.1 , ≤ 6.4.1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:01:35.508Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-41727",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-06T18:52:42.346124Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-06T18:53:20.334Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Wavelink",
          "vendor": "Ivanti",
          "versions": [
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-19T15:43:26.326Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2023-41727",
    "datePublished": "2023-12-19T15:43:26.326Z",
    "dateReserved": "2023-08-31T01:00:11.771Z",
    "dateUpdated": "2025-05-06T18:53:20.334Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-46225 (GCVE-0-2023-46225)

Vulnerability from cvelistv5 – Published: 2023-12-19 15:43 – Updated: 2024-08-02 20:37

Summary

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Assigner

hackerone

References

URL

Tags

https://download.wavelink.com/Files/avalanche_v6.…

Impacted products

	Vendor	Product	Version
	Ivanti	Avalanche	Affected: 6.4.1 , ≤ 6.4.1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:37:40.139Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Avalanche",
          "vendor": "Ivanti",
          "versions": [
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-19T15:43:26.285Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2023-46225",
    "datePublished": "2023-12-19T15:43:26.285Z",
    "dateReserved": "2023-10-19T01:00:12.855Z",
    "dateUpdated": "2024-08-02T20:37:40.139Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-46262 (GCVE-0-2023-46262)

Vulnerability from cvelistv5 – Published: 2023-12-19 15:43 – Updated: 2024-08-02 20:37

Summary

An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server.

Severity ?

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Assigner

hackerone

References

URL

Tags

https://download.wavelink.com/Files/avalanche_v6.…

Impacted products

	Vendor	Product	Version
	Ivanti	Avalanche	Affected: 6.4.1 , ≤ 6.4.1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:37:40.231Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Avalanche",
          "vendor": "Ivanti",
          "versions": [
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-19T15:43:26.338Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2023-46262",
    "datePublished": "2023-12-19T15:43:26.338Z",
    "dateReserved": "2023-10-20T01:00:13.075Z",
    "dateUpdated": "2024-08-02T20:37:40.231Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-46261 (GCVE-0-2023-46261)

Vulnerability from cvelistv5 – Published: 2023-12-19 15:43 – Updated: 2024-08-02 20:37

Summary

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Assigner

hackerone

References

URL

Tags

https://download.wavelink.com/Files/avalanche_v6.…

Impacted products

	Vendor	Product	Version
	Ivanti	Avalanche	Affected: 6.4.1 , ≤ 6.4.1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:37:40.182Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Avalanche",
          "vendor": "Ivanti",
          "versions": [
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-19T15:43:26.352Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2023-46261",
    "datePublished": "2023-12-19T15:43:26.352Z",
    "dateReserved": "2023-10-20T01:00:13.074Z",
    "dateUpdated": "2024-08-02T20:37:40.182Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2023-3198

CVE-2023-46216 (GCVE-0-2023-46216)

CVE-2023-46223 (GCVE-0-2023-46223)

CVE-2023-46221 (GCVE-0-2023-46221)

CVE-2023-46220 (GCVE-0-2023-46220)

CVE-2023-46260 (GCVE-0-2023-46260)

CVE-2023-46264 (GCVE-0-2023-46264)

CVE-2023-46265 (GCVE-0-2023-46265)

CVE-2023-46222 (GCVE-0-2023-46222)

CVE-2023-46259 (GCVE-0-2023-46259)

CVE-2023-46217 (GCVE-0-2023-46217)

CVE-2023-46263 (GCVE-0-2023-46263)

CVE-2021-22962 (GCVE-0-2021-22962)

CVE-2023-46258 (GCVE-0-2023-46258)

CVE-2023-46266 (GCVE-0-2023-46266)

CVE-2023-46224 (GCVE-0-2023-46224)

CVE-2023-46803 (GCVE-0-2023-46803)

CVE-2023-46257 (GCVE-0-2023-46257)

CVE-2023-46804 (GCVE-0-2023-46804)

CVE-2023-41727 (GCVE-0-2023-41727)

CVE-2023-46225 (GCVE-0-2023-46225)

CVE-2023-46262 (GCVE-0-2023-46262)

CVE-2023-46261 (GCVE-0-2023-46261)

Tags

Sightings

Nomenclature