CVE-2022-36973: 
Ivanti Avalanche vulnerability analysis and mitigation

CVE-2022-36973 is a critical authentication bypass vulnerability affecting Ivanti Avalanche version 6.3.2.3490. The vulnerability was discovered in the ProfileDaoImpl class and allows remote attackers to bypass authentication mechanisms, even though authentication is normally required. The vulnerability was reported through the Zero Day Initiative program as ZDI-CAN-15329 and was subsequently patched in version 6.3.4 (Zero Day Initiative, Release Notes).

The vulnerability exists within the ProfileDaoImpl class of Ivanti Avalanche. The specific flaw involves SQL queries that can be composed from user-supplied strings, allowing for SQL injection attacks. The vulnerability has received a CVSS v3.1 base score of 8.8 (HIGH) from NVD with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, while Zero Day Initiative assessed it at 9.1 (CRITICAL) with vector string CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N (Zero Day Initiative).

The vulnerability allows attackers to bypass the authentication mechanism completely on affected Ivanti Avalanche installations. This bypass could potentially give attackers unauthorized access to the system, compromising the confidentiality and integrity of the affected systems (Zero Day Initiative).

Ivanti has addressed this vulnerability in Avalanche version 6.3.4. Users are advised to upgrade to this version to protect against the authentication bypass vulnerability. The fix is documented in the release notes as addressing ZDI-CAN-15329 (Release Notes).