CVE-2024-38653

HIGH

CVSS v3

7.5

HIGH

EPSS Score

89.6%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.

Technical Details

Published
8/14/2024

Frequently Asked Questions

What is CVE-2024-38653?

XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.

Is CVE-2024-38653 actively exploited?

Active exploitation of CVE-2024-38653 has not been confirmed. The EPSS score is 89.6%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2024-38653?

CVE-2024-38653 has a CVSS v3 base score of 7.5 (HIGH severity).

Is CVE-2024-38653 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.