Cyber Resilience

CVE-2024-13181

High

Published: 14 January 2025

Published
14 January 2025
Modified
16 January 2025
KEV Added
Patch
CVSS Score v3.1 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score 0.0073 73.1th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-13181 is a high-severity Path Traversal (CWE-22) vulnerability in Ivanti Avalanche. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 26.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-13181 is a path traversal vulnerability, also referenced under CWE-22 and CWE-288, that affects Ivanti Avalanche prior to version 6.4.7. It permits remote attackers to bypass authentication controls and stems from incomplete remediation of the earlier CVE-2024-47010 issue. The flaw carries a CVSS 3.1 base score of 7.3 with network attack vector, low complexity, and no required privileges or user interaction.

A remote unauthenticated attacker can exploit the path traversal to bypass authentication and obtain limited read, write, and disruption capabilities against the affected Avalanche instance. Successful exploitation does not require any prior credentials or user assistance.

The referenced Ivanti security advisory recommends upgrading to Avalanche 6.4.7 to address this and related CVEs.

EPSS for the CVE rose from a low baseline to a peak of 0.1459 on 2025-12-11 before receding to the current value of 0.0073, indicating a period of increased exploitation interest after public disclosure.

EU & UK References

Vulnerability details

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresses incomplete fixes from CVE-2024-47010.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Path traversal enabling unauthenticated remote access to restricted resources on a public-facing management server directly matches exploitation of internet-facing applications for initial access.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-13179Same product: Ivanti Avalanche
CVE-2024-13180Same product: Ivanti Avalanche
CVE-2023-38036Same product: Ivanti Avalanche
CVE-2025-9713Same vendor: Ivanti
CVE-2026-6973Same vendor: Ivanti
CVE-2025-13659Same vendor: Ivanti
CVE-2024-13162Same vendor: Ivanti
CVE-2025-0282Same vendor: Ivanti
CVE-2026-1281Same vendor: Ivanti
CVE-2026-1340Same vendor: Ivanti

Affected Assets

ivanti
avalanche
≤ 6.4.6

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely flaw remediation through patching Ivanti Avalanche to version 6.4.7 or later, directly fixing the path traversal authentication bypass.

prevent

Validates file path inputs to block directory traversal sequences that enable unauthorized access to restricted resources.

prevent

Controls network communications to the Avalanche server, limiting remote unauthenticated access opportunities for path traversal exploits.

References