What is CVE-2022-44574?

CVE-2022-44574 is a vulnerability in Ivanti Avalanche, classified under Improper Authentication. Published 2023-03-10.

Is CVE-2022-44574 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Ivanti Avalanche

CVE-2022-44574

An improper authentication vulnerability exists in Avalanche version 6.3.x and below allows unauthenticated attacker to modify properties on specific port.

Vulnerability class: Broken Authentication

EPSS: 0.648 (99.1th percentile) — read the EPSS interpretation.

Affected products

N/a Ivanti Avalanche — versions Fixed in version 6.4.0 and above

Weakness classification (CWE)

CWE-287 — Improper Authentication

Public proof-of-concept exploits

karimhabush/cyberowl

References

forums.ivanti.com/s/article/Avalanche-ZDI-CAN-19513-Security-Advisory

Frequently asked questions

What is CVE-2022-44574?: CVE-2022-44574 is a vulnerability in Ivanti Avalanche, classified under Improper Authentication. Published 2023-03-10.
Is CVE-2022-44574 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.