CVE-2024-29848

7.2 HIGH

📋 TL;DR

This vulnerability allows an authenticated privileged user of the Ivanti Avalanche web component to upload arbitrary files, which leads to arbitrary command execution as SYSTEM on the Avalanche server. It affects Ivanti Avalanche versions before 6.4.3.602. An attacker who obtains a privileged console account can therefore take over the server completely.

💻 Affected Systems

Products:
  • Ivanti Avalanche
Versions: All versions before 6.4.3.602
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated privileged user access to the web component.

📦 What is this software?

Ivanti Avalanche (formerly Wavelink Avalanche) is an enterprise mobility management product used to enrol, configure and update fleets of mobile and rugged devices from a central server and web console, typically hosted on Windows.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with SYSTEM privileges, allowing attackers to install persistent backdoors, steal sensitive data, pivot to other systems, and disrupt critical infrastructure.

🟠

Likely Case

Privilege escalation leading to lateral movement within the network, data exfiltration, and deployment of ransomware or other malware.

🟢

If Mitigated

Limited impact with proper network segmentation, strong authentication controls, and file upload restrictions in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated privileged access but is straightforward once credentials are obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.4.3.602 or later

Vendor Advisory: https://forums.ivanti.com/s/article/Security-Advisory-May-2024

Restart Required: Yes

Instructions:

1. Download Ivanti Avalanche version 6.4.3.602 or later from Ivanti's official download portal.
2. Back up the current configuration and data.
3. Install the update following Ivanti's upgrade documentation.
4. Restart the Avalanche server and verify functionality.

🔧 Temporary Workarounds

Restrict File Upload Types (all platforms)

The upload handling lives inside the Avalanche web component itself, so this can only be enforced in front of it: if a reverse proxy or WAF sits before the console, allow only the file types your device-management workflows need and reject executables, scripts and server-side pages (.exe, .dll, .bat, .ps1, .jsp, .war). Check the extension server-side; a client-supplied content type proves nothing.

Implement Web Application Firewall Rules (all platforms)

Deploy WAF rules that block known malicious upload patterns and post-upload command execution attempts. Because the attacker already holds valid privileged credentials, treat this as a speed bump, not a fix; the more durable benefit is that the WAF logs every upload to the console for the detection rules below.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Avalanche servers from critical systems.
  • Enforce multi-factor authentication and strong password policies for all privileged accounts.
  • Reduce the number of accounts holding privileged Avalanche roles and audit them regularly; the vulnerability is only reachable from such an account.

🔍 How to Verify

Check if Vulnerable:

Check the Ivanti Avalanche version in the web interface or via system information. Versions below 6.4.3.602 are vulnerable.

Check Version:

Check web interface or system properties for version information.

Verify Fix Applied:

Verify that the reported version is 6.4.3.602 or later and, on a test instance with a privileged test account, confirm that the console rejects uploads of executable or script file types.

📡 Detection & Monitoring

Log Indicators:

  • Uploads to the Avalanche web interface of executable, script or server-page file types (.exe, .dll, .ps1, .jsp), or uploads by accounts that do not normally perform them
  • Shell or interpreter processes (cmd.exe, powershell.exe) started as SYSTEM with the Avalanche web component as parent process
  • Failed authentication attempts followed by successful privileged access

Network Indicators:

  • Unusual outbound connections from Avalanche server
  • Traffic patterns indicating command and control activity

SIEM Query:

source="avalanche" AND (event="file_upload" OR event="privilege_escalation")

The field and value names above are placeholders; map them to whatever your Avalanche audit log and Windows process-creation sources (Security Event ID 4688 or Sysmon Event ID 1) actually emit. Most sources will not produce an "event=privilege_escalation" record, so pair the upload events with process-creation events on the Avalanche server instead.
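The detection logic behind the two host-side indicators above, as an added example that is not part of the original page or Ivanti's own tooling. It assumes that Avalanche upload audit records and Windows 4688 process-creation events have been normalised to the JSON shapes shown (the sample events are constructed), and that AVALANCHE_WEB_PARENTS names whichever executable hosts the Avalanche web component on your server; both are assumptions to verify on your own host.

```python
"""Detection for risky console uploads and SYSTEM shells spawned by the web component.

Added example, not Ivanti's code. Assumptions (not from the advisory): Avalanche
upload audit records and Windows Security 4688 events have been normalised to the
JSON shapes below, and AVALANCHE_WEB_PARENTS lists whichever executable hosts the
Avalanche web component on your server (check with Get-Process on the host).
"""
import json
from datetime import datetime, timedelta

# Extensions that should never arrive through a device-management console upload.
RISKY_EXTENSIONS = {"exe", "dll", "bat", "cmd", "ps1", "vbs", "js", "hta",
                    "jsp", "jspx", "war", "msi", "scr", "com"}
# Interpreters and LOLBins an attacker typically spawns after planting a file.
SHELL_PROCESSES = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
                   "cscript.exe", "mshta.exe", "rundll32.exe", "certutil.exe"}
# ASSUMPTION: process name(s) of the Avalanche web component; verify on your host.
AVALANCHE_WEB_PARENTS = {"tomcat9.exe", "java.exe"}

# Constructed sample events (JSON lines); not real Avalanche or Windows log data.
SAMPLE_LOG = r"""
{"ts":"2024-05-21T10:01:12Z","source":"avalanche","event":"file_upload","user":"admin","src_ip":"10.0.5.7","filename":"firmware_update.bin"}
{"ts":"2024-05-21T10:04:33Z","source":"avalanche","event":"file_upload","user":"svc_mdm","src_ip":"203.0.113.44","filename":"report.pdf.jsp"}
{"ts":"2024-05-21T10:05:02Z","source":"windows","event_id":4688,"host":"AVALANCHE01","subject_user":"NT AUTHORITY\\SYSTEM","parent_process":"C:\\Avalanche\\tomcat9.exe","new_process":"C:\\Windows\\System32\\cmd.exe","command_line":"cmd.exe /c whoami"}
{"ts":"2024-05-21T10:09:40Z","source":"windows","event_id":4688,"host":"AVALANCHE01","subject_user":"NT AUTHORITY\\SYSTEM","parent_process":"C:\\Windows\\System32\\services.exe","new_process":"C:\\Windows\\System32\\svchost.exe","command_line":"svchost.exe -k netsvcs"}
"""


def parse_events(text):
    """Parse JSON-lines text into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def event_time(ev):
    """Timestamp of an event as an aware datetime (the 'Z' suffix is UTC)."""
    return datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))


def basename(path):
    """Last path component, lower-cased, for either Windows or POSIX separators."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def risky_upload(ev):
    """Upload of an executable/script/server-page type, or a traversal attempt in the
    name. Only the final extension counts, so 'report.pdf.jsp' is still caught."""
    if ev.get("event") != "file_upload":
        return False
    name = ev["filename"]
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return ext in RISKY_EXTENSIONS or ".." in name


def suspicious_spawn(ev):
    """The Avalanche web component spawned a shell or interpreter while running as SYSTEM."""
    if ev.get("event_id") != 4688:
        return False
    return (basename(ev["parent_process"]) in AVALANCHE_WEB_PARENTS
            and basename(ev["new_process"]) in SHELL_PROCESSES
            and ev["subject_user"].upper().endswith("SYSTEM"))


def detect(events, window=timedelta(minutes=10)):
    """Return (severity, reason, event) tuples. A SYSTEM shell spawned within
    `window` after a risky upload is escalated to critical, since that is the
    upload-then-execute sequence this vulnerability enables."""
    alerts = []
    uploads = [e for e in events if risky_upload(e)]
    for ev in events:
        if risky_upload(ev):
            alerts.append(("high", "risky file upload to Avalanche console", ev))
        elif suspicious_spawn(ev):
            t = event_time(ev)
            preceded = any(timedelta(0) <= t - event_time(u) <= window for u in uploads)
            severity = "critical" if preceded else "high"
            alerts.append((severity, "Avalanche web component spawned shell as SYSTEM", ev))
    return alerts


if __name__ == "__main__":
    for severity, reason, ev in detect(parse_events(SAMPLE_LOG)):
        print(f"[{severity.upper()}] {ev['ts']} {reason}: "
              f"{ev.get('filename') or ev.get('command_line')}")
```

On the constructed sample the .bin upload and the services.exe child are ignored, the .jsp upload raises a high alert, and the cmd.exe spawned by the web component 29 seconds later is escalated to critical because of the preceding upload. Tune RISKY_EXTENSIONS to what your device-management workflows legitimately push (firmware images, configuration bundles) so the rule stays quiet on normal administration.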
