Vulnerabilities > CVE-2023-32560 - Out-of-bounds Write vulnerability in Ivanti Avalanche
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 15 |
Common Weakness Enumeration (CWE)
Related news
- Ivanti Avalanche impacted by critical pre-auth stack buffer overflows (source)
- Critical Security Flaws Affect Ivanti Avalanche, Threatening 30,000 Organizations (source)
- Ivanti releases patches for 13 critical Avalanche RCE flaws (source)
- Ivanti warns of critical flaws in its Avalanche MDM solution (source)