Vulnerability in Avalanche

CVE-2023-28126

An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or can exploit the Race Condition in the authentication message.

EPSS: 0.667 (99.2th percentile) — read the EPSS interpretation.

Affected products

N/a Avalanche — versions Avalanche versions 6.3.x and below

Weakness classification (CWE)

CWE-305 — Authentication Bypass by Primary Weakness

References

forums.ivanti.com/s/article/ZDI-CAN-17750-Ivanti-Avalanche-EnterpriseServer-Get…