A leading enterprise mobile device management solution, Ivanti Avalanche, was recently found to contain significant security vulnerabilities. The software package, used by an approximated 30,000 organizations globally, was highlighted as experiencing several critical security flaws. Identified under the tracking system as CVE-2023-32560 and earning a CVSS score of 9.8, these are not security issues to be taken lightly.
These vulnerabilities essentially come down to stack-based buffer overflows present in Ivanti Avalanche's WLAvanacheServer.exe, specifically in version 220.127.116.11. Cybersecurity firm Tenable pointed out these oversights during its analysis of the software, flagging them as having originated from buffer overflows which occurred when processing particular data types.
But what does it mean? It means that an unauthenticated remote attacker has the potential to specify a significantly long hex string or a long type 9 item. This action would trigger an overflow in the buffer. The consequences of such a successful exploitation attacking both of these flaws could be quite severe. An unauthorized remote adversary stands to gain code execution abilities or, in a worst-case scenario, provoke a complete system crash.
Buffer overflow vulnerabilities are dangerous and they usually occur when a buffer located in the stack is overwritten. This action can pave a path for a program's execution to be manipulated and allow facilitation of arbitrary code with much higher privileges than would have initially been granted.
Recognizing the severity of the risk, Ivanti promptly released an upgraded version of Avalanche, 6.4.1, to tackle the issues which had been broached in April 2023. This update not only remediates the buffer overflow flaws, but also addresses six additional vulnerabilities (identified from CVE-2023-32561 through CVE-2023-32566). These vulnerabilities have the potential to authorize authentication bypass and ignite remote code execution.
Given the rampant exploration of security lapses in Ivanti's software over recent days, it's of absolute importance that users act quickly to install the given fixes. These updates will provide mitigation against such threats and fortify the existing security measures employed in their system. Therefore, I would urge everyone using Ivanti software to stay alert, updated, and vigilant in maintaining up-to-date software for enhanced cybersecurity.
At Darksteel Technologies, we are an Orlando based business that can handle all aspects of your IT security. Providing compliance, training, malware protection, cloud security, devsecops, vulnerability management, penetration testing, architecture design and any other information security requirement your business needs. We focus on your cybersecurity so you don't have to.