CVE-2022-36972

moderate-risk
Published 2023-03-29

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15328.

Do I need to act?

~
8.1% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Ivanti

References (4)

Release Notes https://download.wavelink.com/Files/avalanche_v6.3.4_release_notes.txt
Third Party Advisory https://www.zerodayinitiative.com/advisories/ZDI-22-777/
Release Notes https://download.wavelink.com/Files/avalanche_v6.3.4_release_notes.txt
Third Party Advisory https://www.zerodayinitiative.com/advisories/ZDI-22-777/
47
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 10/34 · Low
Exposure 5/34 · Minimal