Ivanti Avalanche Exposed to Severe Security Vulnerabilities
| Product and Affected Versions: Product: Ivanti Avalanche Affected Version: v6.4.0.0 |
| Severity and CVE ID: Severity: Critical CVE ID: CVE-2023-32560 (CVSS score: 9.8) |
| Vulnerability: Type: Stack-based Buffer Overflow The vulnerabilities are stack-based buffer overflows in Ivanti Avalanche’s WLAvanacheServer.exe v6.4.0.0. These buffer overflows occur due to the processing of specific data types. An unauthenticated remote attacker can exploit these flaws by sending a long hex string or long type 9 item, leading to buffer overflows. Successful exploitation could result in code execution or system crashes. |
| How Attack Works: Attack Vector: Remote An unauthenticated remote attacker sends specially crafted data (long hex string or long type 9 item) to the targeted Ivanti Avalanche server. This causes the buffer overflows in the processing code of WLAvanacheServer.exe, potentially allowing the attacker to execute arbitrary code with elevated privileges or crash the system. |
| Remediations: Ivanti has addressed these vulnerabilities in Avalanche version 6.4.1, which was released in response to the disclosed vulnerabilities in April 2023. The update includes fixes for the buffer overflows as well as six additional flaws (CVE-2023-32561 through CVE-2023-32566) that could lead to authentication bypass and remote code execution. Organizations using Ivanti Avalanche should promptly update to version 6.4.1 to mitigate the risks associated with these vulnerabilities. |
| Reference: CVE-2023-32560 CVE-2023-32561 to CVE-2023-32566 |
