CVE-2024-27984

7.1 HIGH

📋 TL;DR

This path traversal vulnerability in Ivanti Avalanche's web component allows authenticated remote attackers to delete specific files or cause denial of service. It affects Ivanti Avalanche versions before 6.4.3. Attackers must have valid authentication credentials to exploit this vulnerability.

💻 Affected Systems

Products:
  • Ivanti Avalanche
Versions: All versions before 6.4.3
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the web component. All default configurations are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Critical system files could be deleted, causing complete system failure, data loss, and extended service disruption.

🟠 Likely Case

Attackers delete configuration or log files, causing service disruption and operational impact until restoration.

🟢 If Mitigated

With proper access controls and monitoring, impact is limited to temporary service disruption with quick recovery.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access. Path traversal techniques are well-documented and relatively simple to implement.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.4.3

Vendor Advisory: https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed?language=en_US

Restart Required: Yes

Instructions:

1. Download Ivanti Avalanche 6.4.3 from official sources.
2. Back up current configuration and data.
3. Run the installer and follow upgrade prompts.
4. Restart the Avalanche service after installation completes.

🔧 Temporary Workarounds

Restrict Network Access

all

Limit access to Avalanche web interface to trusted IP addresses only

Implement Web Application Firewall

all

Deploy WAF with path traversal protection rules

🧯 If You Can't Patch

  • Implement strict access controls and limit user permissions to minimum required
  • Enable detailed logging and monitoring for file deletion attempts and path traversal patterns

🔍 How to Verify

Check if Vulnerable:

Check the Avalanche version in the web interface or via system information. If the version is below 6.4.3, the system is vulnerable.

Check Version:

Check via Avalanche web interface: Admin > System Information > Version

Verify Fix Applied:

Verify that the version is 6.4.3 or higher in system information and test web component functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file deletion events in system logs
  • Path traversal patterns in web access logs (../ sequences)
  • Failed authentication attempts followed by file operations

Network Indicators:

  • HTTP requests containing ../ sequences to Avalanche web endpoints
  • Multiple DELETE requests to unusual file paths

SIEM Query:

source="avalanche_logs" AND (event_type="file_delete" OR uri="*../*")
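
A literal `../` match, as in the log indicators and SIEM query above, misses percent-encoded or backslash-separated segments. The Python check below is an added example, not part of the original advisory or of Ivanti's tooling; it goes beyond the literal pattern by decoding first, and the log layout, user names and `/placeholder/...` paths are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Assumed log layout: '... "METHOD URI HTTP/x.y" STATUS ...' (combined log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# A ".." that forms a whole path segment, delimited by / or \ or a string boundary.
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')

# Constructed sample lines; the /placeholder/... paths are not real Avalanche endpoints.
SAMPLE_LOG = [
    '192.0.2.10 - alice [01/Jan/2024:10:00:00 +0000] "GET /placeholder/app/index HTTP/1.1" 200 512',
    '192.0.2.10 - alice [01/Jan/2024:10:00:05 +0000] "POST /placeholder/app/file?name=..%2F..%2Fconf%2Fsettings.xml HTTP/1.1" 200 0',
    '192.0.2.11 - bob [01/Jan/2024:10:01:00 +0000] "DELETE /placeholder/app/%252e%252e%255cdata HTTP/1.1" 204 0',
    '192.0.2.12 - carol [01/Jan/2024:10:02:00 +0000] "GET /placeholder/app/report..v2.pdf HTTP/1.1" 200 900',
]

def fully_decode(uri, max_rounds=3):
    """Percent-decode repeatedly so single- and double-encoded forms both surface."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri

def has_traversal(uri):
    """True if the decoded path or any query parameter value contains a '..' segment."""
    decoded = fully_decode(uri)
    # Split on query delimiters so a value such as name=../x is tested from its own start.
    return any(TRAVERSAL_RE.search(part) for part in re.split(r'[?&=;]', decoded))

def scan(lines):
    """Return (line_no, method, decoded_uri) for each request carrying a '..' segment."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m and has_traversal(m["uri"]):
            hits.append((line_no, m["method"], fully_decode(m["uri"])))
    return hits

if __name__ == "__main__":
    for line_no, method, uri in scan(SAMPLE_LOG):
        print(f"line {line_no}: {method} {uri}")
```

File names that merely contain two dots, such as `report..v2.pdf`, are not flagged because the pattern requires `..` to be a complete path segment.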
