CVE-2021-42133: 
Ivanti Avalanche vulnerability analysis and mitigation

An exposed dangerous function vulnerability (CVE-2021-42133) was discovered in Ivanti Avalanche versions prior to 6.3.3. The vulnerability allows an attacker with access to the Inforail Service to perform arbitrary file write operations (NVD).

The vulnerability exists within the saveConfig method of the Inforail Service. The core issue stems from inadequate validation of user-supplied data, which enables the upload of arbitrary files. The vulnerability has been assigned a CVSS v3.1 base score of 8.1 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H, indicating network accessibility with low attack complexity (ZDI).

When successfully exploited, this vulnerability allows attackers to execute code in the context of the service account through arbitrary file write operations. The high impact scores for integrity and availability (I:H/A:H) indicate potential severe consequences for system security (ZDI).

The vulnerability has been fixed in Ivanti Avalanche version 6.3.3. Organizations running affected versions should upgrade to version 6.3.3 or later to mitigate this security risk (NVD).