CVE-2022-44574 : An improper authentication vulnerability exists in Avalanche version 6.3.x and b

An improper authentication vulnerability exists in Avalanche version 6.3.x and below allows unauthenticated attacker to modify properties on specific port.

Published 2023-03-10 22:15:10

Updated 2023-03-16 16:03:22

Source HackerOne

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Products affected by CVE-2022-44574

Ivanti » Avalanche
Versions before (<) 6.4.0
cpe:2.3:a:ivanti:avalanche:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-44574

EPSS FAQ

49.70%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 98 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-44574

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None

CWE ids for CVE-2022-44574

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Assigned by:
- nvd@nist.gov (Primary)
- support@hackerone.com (Secondary)

References for CVE-2022-44574

https://forums.ivanti.com/s/article/Avalanche-ZDI-CAN-19513-Security-Advisory?language=en_US

Avalanche ZDI-CAN-19513 Security Advisory
Vendor Advisory

Jump to

Vulnerability Details : CVE-2022-44574

Products affected by CVE-2022-44574

Exploit prediction scoring system (EPSS) score for CVE-2022-44574

CVSS scores for CVE-2022-44574

CWE ids for CVE-2022-44574

References for CVE-2022-44574