CVE-2024-24998

8.8 HIGH

📋 TL;DR

This path traversal vulnerability in Ivanti Avalanche allows authenticated remote attackers to execute arbitrary commands with SYSTEM privileges. It affects Ivanti Avalanche versions before 6.4.3. Attackers can leverage this to gain complete control over affected systems.

💻 Affected Systems

Products:
  • Ivanti Avalanche
Versions: All versions before 6.4.3
Operating Systems: Windows (since SYSTEM privilege implies Windows)
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the web component. Default installations are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with SYSTEM privileges, enabling data theft, ransomware deployment, lateral movement, and persistent backdoor installation.

🟠 Likely Case: Unauthorized command execution leading to data exfiltration, credential harvesting, and installation of malware or persistence mechanisms.

🟢 If Mitigated: Limited impact due to network segmentation, strong authentication controls, and monitoring preventing successful exploitation.

🌐 Internet-Facing: HIGH if Avalanche web interface is exposed to internet, as authenticated attackers can achieve full system compromise.
🏢 Internal Only: HIGH as authenticated internal users or compromised accounts can exploit this for privilege escalation and lateral movement.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires authenticated access but path traversal to RCE is typically straightforward once discovered. Weaponization likely given high impact and CVSS score.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.4.3

Vendor Advisory: https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed?language=en_US

Restart Required: Yes

Instructions:

1. Download Ivanti Avalanche 6.4.3 from official sources.
2. Back up the current configuration and data.
3. Install the update following Ivanti's upgrade documentation.
4. Restart the Avalanche server and verify functionality.

🔧 Temporary Workarounds

Network Segmentation (all): Restrict access to the Avalanche web interface to trusted networks only.

Authentication Hardening (all): Implement strong authentication controls and monitor for suspicious login attempts.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the Avalanche web interface
  • Enable detailed logging and monitoring for path traversal attempts and unusual command execution

🔍 How to Verify

Check if Vulnerable:

Check Avalanche version via web interface admin panel or installed program version

Check Version:

Check via Avalanche web interface: Admin > About, or on Windows: Check installed programs list for Ivanti Avalanche version

Verify Fix Applied:

Verify that the version shown in the admin panel is 6.4.3 or later, and confirm that path traversal attempts against the web interface are rejected.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file path access patterns in web logs
  • Unexpected command execution events
  • Authentication from unusual sources

Network Indicators:

  • HTTP requests with directory traversal sequences (../, ..\) to Avalanche endpoints
  • Outbound connections from Avalanche server to unexpected destinations

SIEM Query:

source="avalanche_logs" AND (uri="*../*" OR uri="*..\\*" OR event="command_execution")
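As an added example (not part of this advisory or Ivanti's tooling), a small Python scanner that applies the network indicators above to constructed access-log lines: it percent-decodes each request URI, including double-encoded forms, before looking for ../ or ..\ sequences, then counts flagged requests per source. The log layout and the /avalanche/example/... paths are placeholders, since the advisory does not document Avalanche's real log format or endpoint names.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines in a simplified combined-log style.
# The layout and the /avalanche/example/... paths are placeholders, not real Avalanche logs.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - admin "GET /avalanche/example/dashboard HTTP/1.1" 200',
    '10.0.0.9 - admin "GET /avalanche/example/file?name=../../Windows/win.ini HTTP/1.1" 200',
    '10.0.0.9 - admin "GET /avalanche/example/file?name=..%5c..%5cboot.ini HTTP/1.1" 200',
    '10.0.0.9 - admin "GET /avalanche/example/file?name=%252e%252e/%252e%252e/x HTTP/1.1" 404',
    '10.0.0.7 - svc "POST /avalanche/example/report HTTP/1.1" 302',
]

LOG_RE = re.compile(
    r'^(?P<src>\S+) - (?P<user>\S+) "(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+" (?P<status>\d{3})$'
)
# ".." followed by a forward or back slash; checked on the raw and the decoded URI.
TRAVERSAL_RE = re.compile(r'\.\.[\\/]')


def normalize_uri(uri: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded sequences (%252e -> %2e -> .) are caught.
    Bounded by max_rounds so a pathological input cannot loop forever."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri


def has_traversal(uri: str) -> bool:
    """True if the raw or decoded URI contains a ../ or ..\\ sequence."""
    return bool(TRAVERSAL_RE.search(uri) or TRAVERSAL_RE.search(normalize_uri(uri)))


def find_traversal_attempts(lines):
    """Return one record per parsable log line whose URI carries a traversal sequence."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line: skip it rather than abort the scan
        if has_traversal(m['uri']):
            hits.append({'src': m['src'], 'user': m['user'], 'status': int(m['status']),
                         'uri': m['uri'], 'decoded': normalize_uri(m['uri'])})
    return hits


def attempts_per_source(hits):
    """Count flagged requests per source address to surface repeated probing."""
    counts = {}
    for h in hits:
        counts[h['src']] = counts.get(h['src'], 0) + 1
    return counts
```

Note that a 404 on a decoded traversal request is still worth alerting on: a failed probe from an authenticated account is the early signal this advisory's log indicators are meant to catch.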
