CVE-2024-38653 PoC — Ivanti Avalanche Security Vulnerability

Source
Associated Vulnerability
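Title: Ivanti Avalanche Security Vulnerability (CVE-2024-38653)
Description: Ivanti Avalanche is an enterprise mobile device management system from the US company Ivanti. It is mainly used to manage devices such as smartphones, tablets and barcode scanners. Versions of Ivanti Avalanche before 6.4.4 contain a security vulnerability caused by an XML external entity (XXE) injection, which allows a remote unauthenticated attacker to read arbitrary files on the server.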
Description
XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.
File Snapshot

id: CVE-2024-38653 info: name: Ivanti Avalanche SmartDeviceServer - XML External Entity author: ...