SB2025011593 - Multiple vulnerabilities in Ivanti Avalanche

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Path traversal (CVE-ID: CVE-2024-13181)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within the allowPassThrough method. A remote non-authenticated attacker can send a specially crafted HTTP request and bypass authentication.

Note, the vulnerability exists due to an incomplete fix for #VU98400 (CVE-2024-47010).

2) Path traversal (CVE-ID: CVE-2024-13180)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within the Faces Mojarra component. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Note, the vulnerability exists due to incomplete fix for #VU98399 (CVE-2024-47011).

3) Path traversal (CVE-ID: CVE-2024-13179)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within the SecureFilter class. A remote attacker can send a specially crafted HTTP request and bypass authentication.

Remediation

Install update from vendor's website.

References

• https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-7-Multiple-CVEs?language=en_US
• https://www.zerodayinitiative.com/advisories/ZDI-25-042/
• https://www.zerodayinitiative.com/advisories/ZDI-25-043/
• https://www.zerodayinitiative.com/advisories/ZDI-25-044/