Ivanti Avalanche Security Update Advisory

Jan 21 2025

Overview

We have released a security update to address a vulnerability in Ivanti Avalanche. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2024-13179, CVE-2024-13180, CVE-2024-13181

Ivanti Avalanche Version: ~ 6.4.6 (inclusive)

Resolved Vulnerabilities

Path traversal vulnerability that could allow authentication to be bypassed (CVE-2024-13179)
path traversal vulnerability that could allow authentication to be bypassed and sensitive information to be exfiltrated (CVE-2024-13180)
path traversal vulnerability that could allow remote unauthorized users to gain access by bypassing authentication (CVE-2024-13181)

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-13179, CVE-2024-13180, CVE-2024-13181

Ivanti Avalanche Version: 6.4.7

References

[1] Security Advisory Ivanti Avalanche 6.4.7 (Multiple CVEs)
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-7-Multiple-CVEs?language=en_US&_gl=1*1dlaqtc*_gcl_au*MTY0NzEyMjczMS4xNzM3NDIzODI4

Ivanti Avalanche Security Update Advisory

Siemens Product Security Update Advisory

Cisco Family January 2025 First Round Security Update Advisory

Tags:

Siemens Product Security Update Advisory

Cisco Family January 2025 First Round Security Update Advisory