ZDI-24-393: Ivanti Avalanche WLAvalancheService Directory Traversal Arbitrary File Deletion Vulnerability

This vulnerability allows remote attackers to delete arbitrary files on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.1. The following CVEs are assigned: CVE-2024-27977.

arbitrary files attackers authentication avalanche cve cve-2024 cves cvss delete deletion directory directory traversal exploit file files ivanti ivanti avalanche rating vulnerability zdi