A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche prior to 6.4.3 allows an authenticated remote malicious user to perform denial of service attacks.