CVE-2023-28126: Race Condition
First published: Tue May 09 2023(Updated: )
An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or can exploit the Race Condition in the authentication message.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ivanti Avalanche | <=6.3.4.153 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-28126?
CVE-2023-28126 is an authentication bypass vulnerability in Avalanche versions 6.3.x and below.
How can an attacker exploit CVE-2023-28126?
An attacker can exploit CVE-2023-28126 by exploiting the SetUser method or by exploiting the Race Condition in the authentication message.
What is the severity of CVE-2023-28126?
CVE-2023-28126 has a severity rating of medium and a CVSS score of 5.9.
Which software versions are affected by CVE-2023-28126?
Avalanche versions 6.3.x and below are affected by CVE-2023-28126.
Is there a fix available for CVE-2023-28126?
Currently, there is no information regarding a fix for CVE-2023-28126. It is recommended to follow the vendor's security advisory for updates.
- collector/nvd-index
- vendor/ivanti
- canonical/ivanti avalanche
- version/ivanti avalanche/6.3.4.153