CVE-2022-36980

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the EnterpriseServer service. The issue results from the lack of proper locking when performing operations during authentication. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15528.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://download.wavelink.com/Files/avalanche_v6.3.4_release_notes.txt	Release Notes
https://www.zerodayinitiative.com/advisories/ZDI-22-785/	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:ivanti:avalanche:*:*:*:*:*:*:*:*

History

06 Apr 2023, 14:49

Type	Values Removed	Values Added
CPE		cpe:2.3:a:ivanti:avalanche::::::::
First Time		Ivanti Ivanti avalanche
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.1
References	~~(MISC) https://download.wavelink.com/Files/avalanche_v6.3.4_release_notes.txt -~~	(MISC) https://download.wavelink.com/Files/avalanche_v6.3.4_release_notes.txt - Release Notes
References	~~(MISC) https://www.zerodayinitiative.com/advisories/ZDI-22-785/ -~~	(MISC) https://www.zerodayinitiative.com/advisories/ZDI-22-785/ - Third Party Advisory, VDB Entry

29 Mar 2023, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-03-29 19:15

Updated : 2023-12-10 15:01

NVD link : CVE-2022-36980

Mitre link : CVE-2022-36980

CVE.ORG link : CVE-2022-36980

JSON object : View

Products Affected

ivanti

avalanche

CWE

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

{"id": "CVE-2022-36980", "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "zdi-disclosures@trendmicro.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.4, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2023-03-29T19:15:12.540", "references": [{"url": "https://download.wavelink.com/Files/avalanche_v6.3.4_release_notes.txt", "tags": ["Release Notes"], "source": "zdi-disclosures@trendmicro.com"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-785/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "zdi-disclosures@trendmicro.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-367"}]}, {"type": "Secondary", "source": "zdi-disclosures@trendmicro.com", "description": [{"lang": "en", "value": "CWE-367"}]}], "descriptions": [{"lang": "en", "value": "This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the EnterpriseServer service. The issue results from the lack of proper locking when performing operations during authentication. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15528."}], "lastModified": "2023-04-06T14:49:12.123", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ivanti:avalanche:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15814CD7-C562-4360-8E57-354E1D275F92", "versionEndExcluding": "6.3.4", "versionStartIncluding": "6.3.2.3490"}], "operator": "OR"}]}], "sourceIdentifier": "zdi-disclosures@trendmicro.com"}