CVE-2024-13181
Published: 14 January 2025
Summary
CVE-2024-13181 is a high-severity Path Traversal (CWE-22) vulnerability in Ivanti Avalanche. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 26.9% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-13181 is a path traversal vulnerability, also referenced under CWE-22 and CWE-288, that affects Ivanti Avalanche prior to version 6.4.7. It permits remote attackers to bypass authentication controls and stems from incomplete remediation of the earlier CVE-2024-47010 issue. The flaw carries a CVSS 3.1 base score of 7.3 with network attack vector, low complexity, and no required privileges or user interaction.
A remote unauthenticated attacker can exploit the path traversal to bypass authentication and obtain limited read, write, and disruption capabilities against the affected Avalanche instance. Successful exploitation does not require any prior credentials or user assistance.
The referenced Ivanti security advisory recommends upgrading to Avalanche 6.4.7 to address this and related CVEs.
EPSS for the CVE rose from a low baseline to a peak of 0.1459 on 2025-12-11 before receding to the current value of 0.0073, indicating a period of increased exploitation interest after public disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-51403
Vulnerability details
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresses incomplete fixes from CVE-2024-47010.
- CWE(s): CWE-22 (Path Traversal), CWE-288 (Authentication Bypass Using an Alternate Path or Channel)
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1190 Exploit Public-Facing Application
Why these techniques?
Path traversal enabling unauthenticated remote access to restricted resources on a public-facing management server directly matches exploitation of internet-facing applications for initial access.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Requires timely flaw remediation by patching Ivanti Avalanche to version 6.4.7 or later, which directly fixes the path traversal authentication bypass.
- SI-10 (Information Input Validation): Validates file path inputs to block directory traversal sequences that enable unauthorized access to restricted resources.
- Controls network communications to the Avalanche server, limiting remote unauthenticated access opportunities for path traversal exploits.
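The SI-10 control above describes the generic defensive check: a user-supplied path must be confined to an intended base directory before it is used. The following is an added illustration of that check and is not Ivanti's code or a description of the Avalanche fix; the base directory `/srv/app/files`, the function name `safe_resolve` and the sample inputs are all constructed for the example. It decodes percent-encoding until the value stops changing (so double-encoded `..` cannot slip past a single decode), normalises separators, rejects absolute paths, NUL bytes and any `..` segment, and finally resolves the candidate and confirms it is still inside the base directory.

```python
from pathlib import Path, PurePosixPath
from typing import Optional
from urllib.parse import unquote

# Constructed base directory for the example; a real application would use its
# configured document root. It does not need to exist for the check to run.
BASE_DIR = "/srv/app/files"


def safe_resolve(base_dir: str, requested: str, max_decode_rounds: int = 3) -> Optional[Path]:
    """Return the resolved path if `requested` stays inside `base_dir`, else None."""
    # Peel percent-encoding layer by layer; "%252e%252e" becomes "%2e%2e" and then "..".
    decoded = requested
    for _ in range(max_decode_rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    else:
        # Still changing after the allowed rounds: treat as hostile rather than guess.
        return None

    # Treat backslashes as separators so "..\\" is not a way around the ".." check.
    decoded = decoded.replace("\\", "/")

    # Embedded NUL bytes and absolute paths are never legitimate relative file names.
    if "\x00" in decoded or decoded.startswith("/"):
        return None

    # Reject any parent-directory segment outright; "." segments are harmless and
    # are collapsed by PurePosixPath.
    if any(part == ".." for part in PurePosixPath(decoded).parts):
        return None

    # Final containment check on the fully resolved path (also catches symlink escapes
    # when the tree exists on disk).
    base = Path(base_dir).resolve()
    candidate = (base / decoded).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        return None
    return candidate


def classify(requests):
    """Map each constructed request to the accepted path string or 'REJECTED'."""
    result = {}
    for req in requests:
        resolved = safe_resolve(BASE_DIR, req)
        result[req] = str(resolved) if resolved is not None else "REJECTED"
    return result


# Constructed sample inputs: two legitimate names and several traversal attempts
# of the kind an input-validation control is expected to stop.
SAMPLE_REQUESTS = [
    "reports/q1.csv",
    "a/./b",
    "../etc/passwd",
    "%2e%2e/%2e%2e/etc/passwd",
    "%252e%252e/x",
    "..\\..\\windows\\win.ini",
    "/etc/passwd",
]

if __name__ == "__main__":
    for req, outcome in classify(SAMPLE_REQUESTS).items():
        print(f"{req!r:32} -> {outcome}")
```

The final `relative_to` check is the one that matters most: the earlier string tests give early, explainable rejections, but only the resolved-path comparison holds if the rules about encodings or separators turn out to be incomplete.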