CVE-2023-28128: Malicious File Upload
First published: Tue May 09 2023(Updated: )
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ivanti Avalanche | <=6.3.4.153 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-28128?
CVE-2023-28128 is a vulnerability in Avalanche versions 6.3.x and below that allows for unrestricted upload of files with dangerous types, potentially leading to remote code execution.
What is the severity of CVE-2023-28128?
CVE-2023-28128 has a severity rating of 7.2 (high).
Which software versions are affected by CVE-2023-28128?
Avalanche versions 6.3.x and below, up to and including 6.3.4.153, are affected by CVE-2023-28128.
How can an attacker exploit CVE-2023-28128?
An attacker can exploit CVE-2023-28128 by uploading files with dangerous types, which can lead to remote code execution.
Are there any references for more information about CVE-2023-28128?
Yes, you can find more information about CVE-2023-28128 at the following links: [Link 1](http://packetstormsecurity.com/files/172398/Ivanti-Avalanche-FileStoreConfig-Shell-Upload.html) and [Link 2](https://forums.ivanti.com/s/article/ZDI-CAN-17812-Ivanti-Avalanche-FileStoreConfig-Arbitrary-File-Upload-Remote-Code-Execution-Vulnerability?language=en_US).
- collector/nvd-index
- vendor/ivanti
- canonical/ivanti avalanche
- version/ivanti avalanche/6.3.4.153