Security News > 2023 > August > Ivanti Avalanche vulnerable to attack by unauthenticated, remote attackers (CVE-2023-32560)

Ivanti Avalanche vulnerable to attack by unauthenticated, remote attackers (CVE-2023-32560)
2023-08-16 09:39

Two stack-based buffer overflow bugs have been discovered in Ivanti Avalanche, an enterprise mobility management solution.

Ivanti released Avalanche version 6.4.1 security update on August 3, 2023, which also fixes additional RCE and authentication bypass vulnerabilities.

The widespread implementation of Ivanti's solutions has drawn the attention of malicious actors, seeking to exploit potential vulnerabilities and gain unauthorized access to valuable corporate data.

We have recently reported about three vulnerabilities affecting Ivanti Endpoint Manager Mobile.

CVE-2023-35078 - an authentication bypass vulnerability - has been used in conjunction with CVE-2023-35081 - a remote arbitrary file write vulnerability - to breach 12 Norwegian ministries.

CVE-2023-35082 - a remote unauthenticated API access vulnerability - could allow a remote unauthenticated threat actor to access users' PII in older MobileIron Core versions and make changes to the server.


News URL

https://www.helpnetsecurity.com/2023/08/16/cve-2023-32560/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-08-15 CVE-2023-35082 Improper Authentication vulnerability in Ivanti Endpoint Manager Mobile
An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication.
network
low complexity
ivanti CWE-287
critical
9.8
2023-08-03 CVE-2023-35081 Path Traversal vulnerability in Ivanti Endpoint Manager Mobile
A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.
network
low complexity
ivanti CWE-22
7.2
2023-07-25 CVE-2023-35078 Improper Authentication vulnerability in Ivanti Endpoint Manager Mobile
An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.
network
low complexity
ivanti CWE-287
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Ivanti 26 9 64 115 60 248