Vulnerability Details : CVE-2023-28125
An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below that could allow an attacker to gain access to the server by registering to receive messages from the server and perform an authentication bypass.
Vulnerability category: BypassGain privilege
Products affected by CVE-2023-28125
- cpe:2.3:a:ivanti:avalanche:*:*:*:*:premise:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-28125
2.02%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 89 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-28125
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.9
|
MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
2.2
|
3.6
|
NIST |
CWE ids for CVE-2023-28125
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: support@hackerone.com (Secondary)
-
The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-28125
-
https://forums.ivanti.com/s/article/ZDI-CAN-17729-CVE-2023-28125-Bug-958437-ZDI-CAN-17729-Ivanti-Avalanche-InfoRail-Authentication-Bypass-Vulnerability?language=en_US
ZDI-CAN-17729 - CVE-2023-28125 - Bug 958437: ZDI-CAN-17729: Ivanti Avalanche InfoRail Authentication Bypass VulnerabilityVendor Advisory
Jump to