CVE-2024-29848

HIGH

CVSS v3

7.2

HIGH

EPSS Score

30.7%

exploit probability

CISA KEV

known exploited

Exploitation

—

SSVC status

Description

An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM.

Technical Details

CVSS v3 Vector: 3.1
Published: 5/31/2024
Last Modified: 5/6/2025

Frequently Asked Questions

What is CVE-2024-29848?

An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM.

Is CVE-2024-29848 actively exploited?

Active exploitation of CVE-2024-29848 has not been confirmed. The EPSS score is 30.7%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2024-29848?

CVE-2024-29848 has a CVSS v3 base score of 7.2 (HIGH severity), with vector string 3.1.

Is CVE-2024-29848 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.

Check an IP Search CVEs

Back to CVE Database