Vulnerabilities > CVE-2023-32560 - Out-of-bounds Write vulnerability in Ivanti Avalanche
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Related news
- Ivanti Avalanche impacted by critical pre-auth stack buffer overflows (source)
- Critical Security Flaws Affect Ivanti Avalanche, Threatening 30,000 Organizations (source)
- Ivanti releases patches for 13 critical Avalanche RCE flaws (source)
- Ivanti warns of critical flaws in its Avalanche MDM solution (source)
References
- http://packetstormsecurity.com/files/174459/Ivanti-Avalance-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/174698/Ivanti-Avalanche-MDM-Buffer-Overflow.html
- https://forums.ivanti.com/s/article/Avalanche-Vulnerabilities-Addressed-in-6-4-1?language=en_US
- http://packetstormsecurity.com/files/174459/Ivanti-Avalance-Remote-Code-Execution.html
- https://forums.ivanti.com/s/article/Avalanche-Vulnerabilities-Addressed-in-6-4-1?language=en_US
- http://packetstormsecurity.com/files/174698/Ivanti-Avalanche-MDM-Buffer-Overflow.html