CVE-2024-50317 – A null pointer dereference vulnerability in Iva... (How to Fix)

Q: What is the severity of CVE-2024-50317?

CVE-2024-50317 has a CVSS score of 7.5 (HIGH). A null pointer dereference vulnerability in Ivanti Avalanche allows remote unauthenticated attackers to crash the service, causing denial of service. This affects all Ivanti Avalanche installations before version 6.4.6 that are exposed to network access.

📋 TL;DR

A null pointer dereference vulnerability in Ivanti Avalanche allows remote unauthenticated attackers to crash the service, causing denial of service. This affects all Ivanti Avalanche installations before version 6.4.6 that are exposed to network access.

💻 Affected Systems

Products:

Ivanti Avalanche

Versions: All versions before 6.4.6

Operating Systems: Windows Server

Default Config Vulnerable: ⚠️ Yes

Notes: Affects all default installations of Ivanti Avalanche before 6.4.6 when network accessible.

📦 What is this software?

Avalanche by Ivanti

View all CVEs affecting Avalanche →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service outage of Ivanti Avalanche, disrupting mobile device management capabilities across the enterprise.

🟠

Likely Case

Service crashes requiring manual restart, causing temporary disruption to device management operations.

🟢

If Mitigated

Limited impact with proper network segmentation and monitoring allowing quick service restoration.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Null pointer dereference vulnerabilities typically require minimal exploitation complexity when accessible remotely without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.4.6

Vendor Advisory: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-Multiple-CVEs-Q4-2024-Release

Restart Required: Yes

Instructions:

1. Download Ivanti Avalanche 6.4.6 from the Ivanti support portal. 2. Backup current configuration. 3. Run the installer to upgrade to version 6.4.6. 4. Restart the Avalanche service.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to Ivanti Avalanche to trusted management networks only

Firewall Rules

all

Implement firewall rules to block external access to Avalanche ports (typically 1777, 1778, 1779)

🧯 If You Can't Patch

Implement strict network access controls to limit exposure to trusted IP addresses only
Deploy monitoring and alerting for Avalanche service crashes with automated restart capabilities

🔍 How to Verify

Check if Vulnerable:

Check the Avalanche version in the web interface under Help > About or via the Avalanche Console

Check Version:

Not applicable - version check through GUI only

Verify Fix Applied:

Verify version shows 6.4.6 or higher in the Avalanche interface

📡 Detection & Monitoring

Log Indicators:

Avalanche service crash events in Windows Event Logs
Unexpected service termination logs in Avalanche logs

Network Indicators:

Unusual traffic patterns to Avalanche ports from untrusted sources
Multiple connection attempts followed by service unavailability

SIEM Query:

source="windows" AND event_id=7034 AND service_name="Avalanche" OR source="avalanche" AND message="crash" OR "terminated"

📊 Metadata

CVE ID: CVE-2024-50317

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

Published: November 12, 2024

Last Updated: November 18, 2024

🔗 References

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-Multiple-CVEs-Q4-2024-Release Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-50317, you might also want to check these: