News

Multiple critical security flaws have been discovered in Ivanti Avalanche, an enterprise mobile device management solution used by 30,000 organizations. These vulnerabilities, known as CVE-2023-32560, are stack-based buffer overflows in Ivanti Avalanche WLAvanacheServer.exe v6.4.0.0. Cybersecurity company Tenable has identified these weaknesses as a result of buffer overflows caused by processing specific data types.

An unauthenticated remote attacker can exploit these flaws by inputting a long hex string or a long type 9 item to overflow the buffer. If successfully exploited, the attacker could execute code or cause a system crash.

To address these vulnerabilities, Ivanti has released Avalanche version 6.4.1 in April 2023. This update also resolves six other flaws (CVE-2023-32561 to CVE-2023-32566), which could potentially lead to authentication bypass and remote code execution.

Considering the recent active exploration of security flaws in Ivanti software, it is crucial for users to promptly apply the updates to mitigate potential threats.

Follow us on Twitter and LinkedIn for more exclusive content.

The post Multiple Security Flaws Found in Ivanti Avalanche appeared first on satProviders.