CVE-2023-28128

Published: 09/05/2023 Updated: 16/05/2023
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 0

Vulnerability Summary

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow a malicious user to achieve remote code execution.

Vulnerable Product

ivanti avalanche

Exploits

Ivanti Avalanche versions prior to 640186 permit MS-DOS style short names in the configuration path for the Central FileStore. Because of this, an administrator can change the default path to the web root of the applications, upload a JSP file, and achieve remote command execution as NT AUTHORITY\SYSTEM ...