Multiple critical security flaws have been reported in Ivanti Avalanche, an enterprise mobile device management solution that is used by 30,000 organizations.
The vulnerabilities, collectively tracked as CVE-2023-32560 (CVSS score: 9.8), are stack-based buffer overflows in Ivanti Avalanche WLAvanacheServer.exe v6.4…
Cybersecurity company Tenable said the shortcomings are the result of buffer overflows arising as a consequence of processing specific data types.
An unauthenticated remote attacker can specify a long hex string or long type 9 item to overflow the buffer, it noted.
Successful exploitation of the issues could allow a remote adversary to achieve code execution or a system crash.
Stack-based buffer overflow vulnerabilities occur when the buffer being overwritten is on the stack, leading to a situation where program execution can be altered to run arbitrary code with elevated privileges.
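The length check whose absence produces this class of flaw when a hex string is decoded into a fixed-size stack buffer, shown as an added example (not Ivanti's or Tenable's code). The buffer size, function names and handler shape are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ITEM_BUF_LEN 64   /* assumed size of the fixed stack buffer */

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode hex[0..hex_len) into out[0..out_cap). Returns bytes written, or -1
 * if the input is malformed or too long. The length is validated before any
 * byte is stored; omitting that check is what lets a long string run past out. */
static long decode_hex_bounded(const char *hex, size_t hex_len,
                               unsigned char *out, size_t out_cap)
{
    if (hex_len % 2 != 0 || hex_len / 2 > out_cap) return -1;
    for (size_t i = 0; i < hex_len; i += 2) {
        int hi = hex_nibble(hex[i]);
        int lo = hex_nibble(hex[i + 1]);
        if (hi < 0 || lo < 0) return -1;
        out[i / 2] = (unsigned char)((hi << 4) | lo);
    }
    return (long)(hex_len / 2);
}

/* Hypothetical message handler that decodes an item into a stack buffer. */
static int handle_hex_item(const char *hex, size_t hex_len)
{
    unsigned char item[ITEM_BUF_LEN];            /* lives on the stack */
    long n = decode_hex_bounded(hex, hex_len, item, sizeof item);
    return (int)n;                               /* -1 means rejected */
}

/* Constructed oversized input: one byte more than the buffer can hold. */
static int oversized_is_rejected(void)
{
    char hex[2 * (ITEM_BUF_LEN + 1)];
    memset(hex, 'A', sizeof hex);
    return handle_hex_item(hex, sizeof hex) == -1;
}

int main(void)
{
    printf("decoded=%d oversized_rejected=%d\n",
           handle_hex_item("41424344", 8), oversized_is_rejected());
    return 0;
}
```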
Ivanti has released Avalanche version 6.4.1 to remediate the problem after it was disclosed in April 2023.
The update also addresses six other flaws (from CVE-2023-32561 through CVE-2023-32566) that could pave the way for authentication bypass and remote code execution.
With security flaws in Ivanti software coming under active exploitation in recent months, it is critical that users move quickly to apply the fixes to mitigate potential threats.