CVE-2024-24994

8.8 HIGH

📋 TL;DR

This path traversal vulnerability in Ivanti Avalanche allows authenticated remote attackers to execute arbitrary commands with SYSTEM privileges. It affects Ivanti Avalanche versions before 6.4.3. Attackers can achieve full system compromise through the web component.

💻 Affected Systems

Products:
  • Ivanti Avalanche
Versions: All versions before 6.4.3
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the web interface. The vulnerability is in the web component.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover with SYSTEM privileges, enabling installation of persistent malware, data exfiltration, and lateral movement across the network.

🟠 Likely Case

Attackers gain SYSTEM-level command execution, allowing them to install backdoors, steal credentials, and pivot to other systems.

🟢 If Mitigated

With proper network segmentation and least privilege, impact is limited to the Avalanche server itself, though SYSTEM access remains dangerous.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once credentials are obtained. The CVSS score of 8.8 places the vulnerability in the HIGH severity range.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.4.3

Vendor Advisory: https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed?language=en_US

Restart Required: Yes

Instructions:

1. Download Ivanti Avalanche 6.4.3 from the Ivanti support portal.
2. Back up the current configuration and data.
3. Run the installer to upgrade to version 6.4.3.
4. Restart the Avalanche service or server as required.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict access to the Avalanche web interface to trusted IP addresses only.

Strong Authentication Controls

all

Implement multi-factor authentication and strong password policies for Avalanche accounts.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the Avalanche web interface.
  • Monitor for suspicious authentication attempts and command execution patterns on the Avalanche server.

🔍 How to Verify

Check if Vulnerable:

Check the Avalanche version in the web interface under Help > About. If version is below 6.4.3, the system is vulnerable.

Check Version:

Not applicable - check via web interface or Windows Programs and Features

Verify Fix Applied:

After patching, verify the version shows 6.4.3 or higher in Help > About.

📡 Detection & Monitoring

Log Indicators:

  • Unusual authentication patterns to Avalanche web interface
  • Suspicious command execution events in Windows Event Logs from Avalanche processes

Network Indicators:

  • Unusual outbound connections from the Avalanche server
  • Traffic patterns suggesting command and control activity

SIEM Query:

source="windows" AND (process_name="avalanche*" OR process_name="w3wp*") AND (event_id=4688 OR command_line CONTAINS "cmd.exe" OR command_line CONTAINS "powershell")
