CVE-2022-43554: 
Ivanti Avalanche vulnerability analysis and mitigation

CVE-2022-43554 is a local privilege escalation vulnerability affecting Ivanti Avalanche Smart Device Service. The vulnerability was discovered and reported through Trend Micro's Zero Day Initiative and was addressed in Avalanche Premise version 6.4.1.236. The vulnerability received a CVSS v3.1 base score of 7.8 (HIGH) (NVD).

The vulnerability is classified as CWE-306 (Missing Authentication for Critical Function). It has a CVSS v3.1 vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating that it requires local access, low attack complexity, low privileges, and no user interaction to exploit. The successful exploitation could lead to high impacts on confidentiality, integrity, and availability of the system (NVD).

The vulnerability allows an attacker with local access to escalate privileges on affected systems. The high CVSS score indicates that successful exploitation could result in complete compromise of the system's confidentiality, integrity, and availability (NVD).

Ivanti has released version 6.4.1.236 of Avalanche Premise which includes security hardening fixes for this vulnerability. Users are advised to upgrade to this version to address the security issue (Release Notes).