virus logo Intrusion Prevention

Ivanti.Avalanche.SmartDeviceServer.Directory.Traversal

description-logoDescription

This indicates an attack attempt to exploit a Directory Traversal Vulnerability in Ivanti Avalanche.
The vulnerability is due to a lack of input validation in the getLogFile method of the DeviceLogsManager class. A remote, unauthenticated attacker can exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in the read of arbitrary files on the target server under the security context of the server process.

affected-products-logoAffected Products

Ivanti Avalanche prior to 6.3.4

Impact logoImpact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://download.wavelink.com/Files/avalanche_v6.3.4_release_notes.txt

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2022-08-04 21.368 Default_action:pass:drop
2022-07-26 21.363
ID 51876
Created Jul 18, 2022
Updated Aug 03, 2022
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Default Action drop
Active
Affected OS Windows
Affected App Other