Critical Insight has been tracking details on the vulnerability found in the Ivanti Avalanche enterprise mobile device management platform. Since there has been indicators of this vulnerability being exploited in the wild, and given that this can be a significant solution for managing mobile devices in an organization, we wanted to make sure that you were aware of this vulnerability and the steps required to mitigate this threat to your environment.
Ivanti and security researchers have released details on the vulnerability affecting WLAvalancheServer version 6.4.0.0. This version exposes the product to multiple buffer overflows over port TCP 1777 from a potential unauthenticated, remote attacker, allowing the attacker to leverage a long hex string to overflow the buffer to achieve remote control execution (RCE) or a system crash.
CVE-2023-32560 Ivanti Avalanche WLAvalancheService.exe Unauthenticated Stack-based Buffer Overflows
CVSSv3: 9.8
CVE-2023-32561 Ivanti Avalanche dumpHeap Incorrect Permission Assignment Authentication Bypass Vulnerability
CVSSv3: 7.5
CVE-2023-32562 Ivanti Avalanche FileStoreConfig Arbitrary File Upload Remote Code Execution Vulnerability
CVSSv3: 9.8
CVE-2023-32563 Ivanti Avalanche updateSkin Directory Traversal Remote Code Execution Vulnerability
CVSSv3: 9.8
CVE-2023-32564 Ivanti Avalanche FileStoreConfig Arbitrary File Upload Remote Code Execution Vulnerability
CVSSv3: 9.8
CVE-2023-32565 Ivanti Avalanche SecureFilter Content-Type Authentication Bypass Vulnerability
CVSSv3: 9.1
CVE-2023-32566 Ivanti Avalanche SecureFilter allowPassThrough Authentication Bypass Vulnerability
CVSSv3: 9.1
Affected Versions
Version 6.4.0.0 and older
Mitigations
Upgrade to version 6.4.1 or later
Additional Resources
https://forums.ivanti.com/s/article/Avalanche-Vulnerabilities-Addressed-in-6-4-1?language=en_US
https://www.bleepingcomputer.com/news/security/ivanti-avalanche-impacted-by-critical-pre-auth-stack-buffer-overflows/
https://www.tenable.com/security/research/tra-2023-27
