Several critical security flaws have been reported in Ivanti Avalanche, an enterprise mobile device management solution that is used by 30,000 businesses.
The vulnerabilities, collectively tracked as CVE-2023-32560 (CVSS score: 9.8), are stack-based buffer overflows in Ivanti Avalanche WLAvanacheServer.exe v6.4…
Cybersecurity company Tenable said the shortcomings are the result of buffer overflows arising from the processing of specific data types.
An unauthenticated remote attacker can specify a long hex string or a long type 9 item to overflow the buffer, it noted.
Successful exploitation of both issues could allow a remote adversary to achieve code execution or cause a system crash.
Stack-based buffer overflow vulnerabilities occur when the buffer being overwritten is on the stack, leading to a situation in which program execution can be altered to run arbitrary code with elevated privileges.
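To illustrate the class of check whose absence produces this kind of flaw, the added example below (not Ivanti's code and not from the original article) decodes a hex string into a fixed-size stack buffer and rejects input that would not fit before writing anything. The function names, the `handle_item` handler and the 16-byte buffer are hypothetical and constructed for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: value of one hex digit, or -1 if it is not one. */
static int hex_val(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/*
 * Decode hex text into out[0..out_cap). Returns the number of bytes
 * written, or -1 if the input is malformed or would not fit.
 * Nothing is ever written past out_cap. The unsafe pattern this replaces
 * loops until the end of the input and never consults the destination size.
 */
static long hex_decode_bounded(const char *hex, size_t hex_len,
                               unsigned char *out, size_t out_cap)
{
    if (hex == NULL || out == NULL) return -1;
    if (hex_len % 2 != 0) return -1;          /* odd digit count */
    if (hex_len / 2 > out_cap) return -1;     /* too long: reject before writing */
    for (size_t i = 0; i < hex_len; i += 2) {
        int hi = hex_val(hex[i]);
        int lo = hex_val(hex[i + 1]);
        if (hi < 0 || lo < 0) return -1;      /* non-hex character */
        out[i / 2] = (unsigned char)((hi << 4) | lo);
    }
    return (long)(hex_len / 2);
}

/* Constructed handler: attacker-controlled text, fixed 16-byte stack buffer. */
static int handle_item(const char *hex)
{
    unsigned char buf[16];
    long n = hex_decode_bounded(hex, strlen(hex), buf, sizeof buf);
    return n < 0 ? -1 : (int)n;
}

int main(void)
{
    /* Constructed inputs: 4 bytes fits, 17 bytes is rejected. */
    printf("%d\n", handle_item("41424344"));
    printf("%d\n", handle_item("4142434445464748494a4b4c4d4e4f5051"));
    return 0;
}
```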
Ivanti has released Avalanche version 6.4.1 to remediate the issue after it was disclosed in April 2023.
The update also addresses six other flaws (from CVE-2023-32561 through CVE-2023-32566) that could pave the way for authentication bypass and remote code execution.
With security flaws in Ivanti software coming under active exploitation in recent months, it is critical that users move quickly to apply the fixes to mitigate potential threats.
Some parts of this article are sourced from:
thehackernews.com