CVE-2024-47007: 
Ivanti Avalanche vulnerability analysis and mitigation

A NULL pointer dereference vulnerability (CVE-2024-47007) was identified in WLAvalancheService.exe of Ivanti Avalanche versions prior to 6.4.5. The vulnerability was discovered and disclosed in October 2024, affecting Ivanti Avalanche on-premise installations (NVD).

The vulnerability is classified as a NULL Pointer Dereference (CWE-476) in the WLAvalancheService.exe component. The severity of this vulnerability has been assessed with a CVSS v3.1 base score of 7.5 (HIGH), with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. This indicates that the vulnerability can be exploited remotely without requiring privileges or user interaction (NVD).

When successfully exploited, this vulnerability allows a remote unauthenticated attacker to cause a denial of service condition in the affected system. This can result in the disruption of Avalanche services, potentially affecting the organization's ability to manage their mobile devices (NVD).

Organizations using affected versions of Ivanti Avalanche should upgrade to version 6.4.5 or later to address this vulnerability. The fix has been implemented in version 6.4.5 (Ivanti Advisory).