Cyber Resilience

CVE-2024-13179

High

Published: 14 January 2025

Published
14 January 2025
Modified
16 January 2025
KEV Added
Patch
CVSS Score v3.1 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score 0.0122 79.4th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-13179 is a high-severity Path Traversal (CWE-22) vulnerability in Ivanti Avalanche. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 20.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-13179 is a path traversal vulnerability, also categorized under authentication bypass, that affects Ivanti Avalanche prior to version 6.4.7. The flaw permits remote attackers to manipulate file paths and circumvent authentication controls in the affected device management software.

A remote unauthenticated attacker can exploit the issue over the network with low attack complexity and no user interaction required. Successful exploitation grants partial read, write, and disruption capabilities against confidentiality, integrity, and availability by bypassing normal access restrictions.

The referenced Ivanti security advisory addresses this CVE alongside others and directs customers to upgrade to Avalanche 6.4.7 to resolve the path traversal and related authentication issues.

EPSS for the vulnerability rose from a low baseline to a peak of 0.1562 on 2025-12-11 before receding to the current value of 0.0122, indicating a period of increased exploitation interest after public disclosure.

EU & UK References

Vulnerability details

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Path traversal auth bypass in public-facing Ivanti Avalanche server directly enables remote exploitation of the application without credentials.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-13181Same product: Ivanti Avalanche
CVE-2024-13180Same product: Ivanti Avalanche
CVE-2023-38036Same product: Ivanti Avalanche
CVE-2025-9713Same vendor: Ivanti
CVE-2026-6973Same vendor: Ivanti
CVE-2025-13659Same vendor: Ivanti
CVE-2024-13162Same vendor: Ivanti
CVE-2025-0282Same vendor: Ivanti
CVE-2026-1281Same vendor: Ivanti
CVE-2026-1340Same vendor: Ivanti

Affected Assets

ivanti
avalanche
≤ 6.4.7

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates CVE-2024-13179 by identifying, reporting, and applying vendor patches to remediate the path traversal flaw allowing authentication bypass.

prevent

Prevents path traversal exploitation in Ivanti Avalanche by validating and restricting inputs at file path processing points to block unauthorized access.

prevent

Enforces approved access authorizations to limit the scope and impact of authentication bypass achieved via path traversal.

References