"Critical Security Flaws Affect Ivanti Avalanche, Threatening 30,000 Organizations"
Multiple critical security vulnerabilities have been discovered in Ivanti Avalanche, an enterprise mobile device management solution used by 30,000 organizations. The vulnerabilities are in Ivanti Avalanche WLAvanacheServer.exe v6.4.0.0 and are collectively tracked as CVE-2023-32560, with a CVSS score of 9.8. According to the cybersecurity company Tenable, they are stack-based buffer overflows triggered when certain data types are processed: an unauthenticated remote attacker could specify a long hex string or a long type 9 item to overflow the buffer. Exploiting both issues enables a remote adversary to achieve code execution or a system crash. This article continues to discuss the security flaws found in Ivanti Avalanche.
THN reports "Critical Security Flaws Affect Ivanti Avalanche, Threatening 30,000 Organizations"