Shodan
Vulnerabilities
Vulnerable Software
Ivanti:  >> Avalanche  Security Vulnerabilities
CVE-2023-46261
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
CVSS Score
9.8
EPSS Score
0.019
Published
2023-12-19
CVE-2023-46262
An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server.
CVSS Score
7.5
EPSS Score
0.502
Published
2023-12-19
CVE-2023-46263
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution.
CVSS Score
7.2
EPSS Score
0.788
Published
2023-12-19
CVE-2023-46264
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution.
CVSS Score
7.2
EPSS Score
0.651
Published
2023-12-19
CVE-2023-46265
An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).
CVSS Score
6.5
EPSS Score
0.017
Published
2023-12-19
CVE-2023-46266
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.
CVSS Score
7.3
EPSS Score
0.009
Published
2023-12-19
CVE-2023-46803
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS).
CVSS Score
7.5
EPSS Score
0.006
Published
2023-12-19
CVE-2023-46224
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
CVSS Score
9.8
EPSS Score
0.032
Published
2023-12-19
CVE-2023-46225
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
CVSS Score
9.8
EPSS Score
0.019
Published
2023-12-19
CVE-2023-46257
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
CVSS Score
9.8
EPSS Score
0.019
Published
2023-12-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved