Ivanti.Avalanche.FileStoreConfig.Arbitrary.File.Upload
Description
This indicates an attack attempt to exploit an Unrestricted File Upload Vulnerability in Ivanti Avalanche .
This vulnerability is due to improper input validation of uploading a files. A remote, authenticated attacker can exploit this vulnerability by uploading a crafted file to the target server. Successfully exploiting this vulnerability can result in uploading of web shells and remote code execution.
Affected Products
Ivanti Avalanche version 6.3.4.153 and prior
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor:
https://forums.ivanti.com/s/article/ZDI-CAN-17812-Ivanti-Avalanche-FileStoreConfig-Arbitrary-File-Upload-Remote-Code-Execution-Vulnerability?language=en_US
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |