CVE-2024-47008

7.5 HIGH

📋 TL;DR

This Server-Side Request Forgery (SSRF) vulnerability in Ivanti Avalanche allows remote unauthenticated attackers to make the server send requests to internal systems, potentially exposing sensitive information. All organizations running vulnerable versions of Ivanti Avalanche are affected. The attacker does not need authentication to exploit this vulnerability.

💻 Affected Systems

Products:
  • Ivanti Avalanche
Versions: All versions before 6.4.5
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability affects the default configuration of Ivanti Avalanche installations.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker gains access to internal systems, sensitive data, or performs lateral movement within the network by exploiting the SSRF to interact with internal services.

🟠 Likely Case

Information disclosure of internal system details, configuration data, or credentials from internal services that the Avalanche server can reach.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls preventing the Avalanche server from reaching sensitive internal systems.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SSRF vulnerabilities typically have low exploitation complexity, especially when unauthenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.4.5

Vendor Advisory: https://forums.ivanti.com/s/article/Ivanti-Avalanche-6-4-5-Security-Advisory

Restart Required: Yes

Instructions:

1. Download Ivanti Avalanche version 6.4.5 from the official Ivanti portal.
2. Back up your current Avalanche configuration and database.
3. Run the installer to upgrade to version 6.4.5.
4. Restart the Avalanche service or server as required.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict the Avalanche server's network access so that it cannot reach sensitive internal systems.

Firewall Rules

all

Implement firewall rules to block outbound connections from the Avalanche server to internal networks.

🧯 If You Can't Patch

  • Isolate the Avalanche server in a DMZ or restricted network segment
  • Implement strict outbound firewall rules to limit the server's network access

🔍 How to Verify

Check if Vulnerable:

Check the Avalanche version in the web interface or configuration files. If the version is below 6.4.5, the system is vulnerable.

Check Version:

Check the Avalanche web interface under Help > About, or examine the installation directory for version files.

Verify Fix Applied:

Verify the Avalanche version shows 6.4.5 or higher after patching.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from the Avalanche server
  • Requests to internal IP addresses or services from the Avalanche server

Network Indicators:

  • Unexpected HTTP traffic from Avalanche server to internal systems
  • SSRF payload patterns in network traffic

SIEM Query:

source_ip="avalanche_server_ip" AND (dest_ip="internal_network_range" OR dest_port IN (80, 443, 8080, 8443))
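
The log indicators above, applied to flow records, as an added example that is not part of the vendor advisory or any product's own tooling. The server address, the allowlisted database destination, the log format and the sample records are all constructed assumptions; unlike the query above, it flags only internal destinations and uses the web ports to rank severity.

```python
import ipaddress

# Assumptions (constructed for this example, not from the advisory):
AVALANCHE_SERVER = ipaddress.ip_address("10.20.0.15")
# Internal destinations the server legitimately talks to (e.g. its database).
ALLOWED_DESTS = {(ipaddress.ip_address("10.20.0.20"), 5432)}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "127.0.0.0/8",                                      # loopback
    "169.254.0.0/16",                                   # link-local, incl. cloud metadata
)]
WEB_PORTS = {80, 443, 8080, 8443}  # ports named in the SIEM query above

# Constructed sample flow records: "timestamp src_ip dst_ip dst_port"
SAMPLE_LOG = """\
2024-10-09T10:00:01Z 10.20.0.15 10.20.0.20 5432
2024-10-09T10:00:07Z 10.20.0.15 203.0.113.50 443
2024-10-09T10:01:12Z 10.20.0.15 10.30.4.8 8080
2024-10-09T10:01:13Z 10.20.0.15 169.254.169.254 80
2024-10-09T10:02:40Z 10.20.0.99 10.30.4.8 8080
2024-10-09T10:03:05Z 10.20.0.15 192.168.7.3 22
malformed line
"""

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def find_suspect_flows(log_text):
    """Return flows from the Avalanche server to non-allowlisted internal hosts."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records
        ts, src, dst, port = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            dport = int(port)
        except ValueError:
            continue  # unparsable address or port
        if src_ip != AVALANCHE_SERVER or not is_internal(dst_ip):
            continue  # other sources and external destinations are out of scope
        if (dst_ip, dport) in ALLOWED_DESTS:
            continue  # expected internal dependency
        severity = "high" if dport in WEB_PORTS else "review"
        hits.append((ts, dst, dport, severity))
    return hits

if __name__ == "__main__":
    for hit in find_suspect_flows(SAMPLE_LOG):
        print(hit)
```

Keep the allowlist as small as possible: every entry is a destination this check will never alert on.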
