2024-08-14 04:03:15 +00:00
{
"id" : "CVE-2024-36136" ,
"sourceIdentifier" : "support@hackerone.com" ,
"published" : "2024-08-14T03:15:04.390" ,
2024-08-15 18:03:30 +00:00
"lastModified" : "2024-08-15T17:31:15.880" ,
"vulnStatus" : "Analyzed" ,
2024-08-14 04:03:15 +00:00
"cveTags" : [ ] ,
"descriptions" : [
{
"lang" : "en" ,
"value" : "An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS."
2024-08-14 14:03:13 +00:00
} ,
{
"lang" : "es" ,
"value" : "Un error de uno en uno en WLInfoRailService en Ivanti Avalanche 6.3.1 permite que un atacante remoto no autenticado bloquee el servicio, lo que resulta en un DoS."
2024-08-14 04:03:15 +00:00
}
] ,
"metrics" : {
2024-08-15 18:03:30 +00:00
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 7.5 ,
"baseSeverity" : "HIGH" ,
2024-08-15 18:03:30 +00:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "NONE" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "HIGH"
2024-08-15 18:03:30 +00:00
} ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 3.6
}
] ,
2024-08-14 04:03:15 +00:00
"cvssMetricV30" : [
{
"source" : "support@hackerone.com" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.0" ,
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 7.5 ,
"baseSeverity" : "HIGH" ,
2024-08-14 04:03:15 +00:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "NONE" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "HIGH"
2024-08-14 04:03:15 +00:00
} ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 3.6
}
]
} ,
2024-08-14 16:03:15 +00:00
"weaknesses" : [
2024-08-15 18:03:30 +00:00
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-193"
}
]
} ,
2024-08-14 16:03:15 +00:00
{
"source" : "134c704f-9b21-4f2e-91b3-4a467353bcc0" ,
"type" : "Secondary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-193"
}
]
}
] ,
2024-08-15 18:03:30 +00:00
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ivanti:avalanche:6.3.1:*:*:*:premise:*:*:*" ,
"matchCriteriaId" : "6060540C-A977-4E2A-8E1B-41CC3C3E92ED"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ivanti:avalanche:6.3.1.1507:*:*:*:premise:*:*:*" ,
"matchCriteriaId" : "771C1447-6F5E-45DE-BDE6-8FFBB4708D67"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "778D9C09-12BB-47FC-B74B-DC114AE3A540"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:*:windows:*:*" ,
"matchCriteriaId" : "617DA85C-5FCE-4650-99AA-A1052E690B2C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:premise:*:*:*" ,
"matchCriteriaId" : "44ABD265-3F8F-415A-96B3-16975661CDEB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ivanti:avalanche:6.3.2.3490:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "CF93250C-0754-4B87-9BBE-DDF255EEB157"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ivanti:avalanche:6.3.2.3490:*:*:*:premise:*:*:*" ,
"matchCriteriaId" : "521CD0B6-8348-41D6-8AD8-79F884F4F10F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ivanti:avalanche:6.3.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3162335B-9FA4-4AC3-85F0-BD34F859EDFB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ivanti:avalanche:6.3.3:*:*:*:premise:*:*:*" ,
"matchCriteriaId" : "03E7F6CA-8A72-4A3E-A281-2A7653162FB3"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ivanti:avalanche:6.3.3.101:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E2AB421E-C976-4CFF-93F9-40354CB579C5"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ivanti:avalanche:6.3.3.101:*:*:*:premise:*:*:*" ,
"matchCriteriaId" : "4C581973-06B3-4E16-B37C-41FE7B4388CB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ivanti:avalanche:6.3.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FE9E1AF8-A8ED-4E49-B25F-E27AD4B61E7D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ivanti:avalanche:6.3.4:*:*:*:premise:*:*:*" ,
"matchCriteriaId" : "3CC6AA75-22CD-4588-A1F9-574D7E7698CF"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ivanti:avalanche:6.3.4.153:*:*:*:premise:*:*:*" ,
"matchCriteriaId" : "F5A7D50A-DD35-40B6-B4AD-8703DB016E90"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ivanti:avalanche:6.4.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1196CC8F-4D46-4258-9997-1C7E9954A8D6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ivanti:avalanche:6.4.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DF9D82B4-4AF6-4E14-AACE-56982D4F8969"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ivanti:avalanche:6.4.1:*:*:*:premise:*:*:*" ,
"matchCriteriaId" : "5FA149E2-AF10-4D3A-9F6C-8AF74110DEF8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ivanti:avalanche:6.4.1.207:*:*:*:premise:*:*:*" ,
"matchCriteriaId" : "CC521F86-4E3F-4217-836D-235B1D9E8876"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ivanti:avalanche:6.4.1.236:*:*:*:premise:*:*:*" ,
"matchCriteriaId" : "45AA1E4F-2B38-42A3-A99C-F7ED17067E00"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ivanti:avalanche:6.4.2:*:*:*:premise:*:*:*" ,
"matchCriteriaId" : "78794BF3-682E-4256-92DA-D669BF78A297"
}
]
}
]
}
] ,
2024-08-14 04:03:15 +00:00
"references" : [
{
"url" : "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-4-CVE-2024-38652-CVE-2024-38653-CVE-2024-36136-CVE-2024-37399-CVE-2024-37373" ,
2024-08-15 18:03:30 +00:00
"source" : "support@hackerone.com" ,
"tags" : [
"Vendor Advisory"
]
2024-08-14 04:03:15 +00:00
}
]
}
