CVE-2023-46264: 
Ivanti Avalanche vulnerability analysis and mitigation

An unrestricted upload of file with dangerous type vulnerability exists in Ivanti Avalanche versions 6.4.1 and below that could allow an attacker to achieve remote code execution. The vulnerability was discovered and reported through HackerOne, and was assigned CVE-2023-46264. The issue affects Ivanti Avalanche on-premise installations up to version 6.4.1, with a fix released in version 6.4.2 (NVD, Release Notes).

The vulnerability exists within the FileStoreConfig application of Ivanti Avalanche. The specific flaw stems from the lack of proper validation of user-supplied data, which can result in unrestricted upload of files with dangerous types. The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (CRITICAL) by NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, while HackerOne assigned it a score of 7.2 (HIGH) with a vector string of CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (ZDI Advisory, NVD).

If successfully exploited, this vulnerability allows an attacker to execute arbitrary code in the context of SYSTEM on affected installations of Ivanti Avalanche. The high severity rating indicates that successful exploitation could lead to complete system compromise (ZDI Advisory).

Ivanti has released version 6.4.2 of Avalanche to address this vulnerability. Users are advised to upgrade to this version to mitigate the risk. The fix is available in the 6.4.2 release, which includes security hardening measures for this and other vulnerabilities (Release Notes, Ivanti Blog).