CVE-2024-36136

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 14, 2024

Updated: Aug 15, 2024

CWE ID 193

Summary

CVE-2024-36136 is a newly disclosed vulnerability affecting Ivanti Avalanche 6.3.1. An off-by-one error exists in WLInfoRailService, which can be exploited by unauthenticated attackers to cause the service to crash. This leads to a Denial of Service (DoS) condition, making the service unavailable for intended users. The specific error details have not been released, but it is recommended that affected organizations apply the available patch as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Ivanti Avalanche

Affected Vendors

Ivanti Software Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/wCWlWf
https://www.cve.org/CVERecord?id=CVE-2024-36136
https://nvd.nist.gov/vuln/detail/CVE-2024-36136

Back to Vulnerability Database