RCE in Ivanti Avalanche

CVE-2021-42132

A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.696 (98.7th percentile) — read the EPSS interpretation.

Affected products

N/a Ivanti Avalanche — versions 6.3.3

Weakness classification (CWE)

CWE-77 — Command Injection

References

forums.ivanti.com/s/article/Security-Alert-CVE-s-Addressed-in-Avalanche-6-3-3 (x_refsource_MISC)