May 19, 2024

Several vulnerabilities have been reported in Ivanti Avalanche, including arbitrary file upload remote code execution, authentication bypass, buffer overflow, and directory traversal remote code execution.

CVE-2023-32560: Unauthenticated Stack-based Buffer Overflows

This is a critical out-of-bounds write and a stack-based buffer overflow vulnerability that can be exploited by a threat actor by sending a specially crafted message to the Avalanche Manager that results in service disruption or arbitrary code execution.

CVE-2023-32561: Incorrect Permission Assignment Authentication Bypass Vulnerability

This high severity vulnerability exists in the dumpHeap method due to incorrect permission assignment. An attacker can exploit this vulnerability to read an artifact that was previously generated by the administrator, which could lead to authentication bypass.


CVE-2023-32562: FileStoreConfig Arbitrary File Upload Remote Code Execution Vulnerability

This critical vulnerability exists in the FileStoreConfig endpoint, which can be exploited by a threat actor by uploading a dangerous file type in Avalanche versions 6.3.x and below resulting in remote code execution.

CVE-2023-32563: updateSkin Directory Traversal Remote Code Execution Vulnerability

This critical vulnerability exists in the updateSkin method, which is due to the lack of proper validation of a user-supplied path. An attacker can gain remote code execution by using this vulnerability and executing commands as SYSTEM.

CVE-2023-32564: FileStoreConfig Arbitrary File Upload Remote Code Execution Vulnerability

This critical vulnerability is due to improper validation of user-supplied data in the FileStoreConfig app, allowing threat actors to upload arbitrary files resulting in remote code execution.

CVE-2023-32565: SecureFilter Content-Type Authentication Bypass Vulnerability

This critical vulnerability exists in the SecureFilter due to the improper use of the Content-Type HTTP header in authorization logic, which can be used by a threat actor to bypass authentication logic.


CVE-2023-32566: SecureFilter allowPassThrough Authentication Bypass Vulnerability

This critical vulnerability exists in the allowPassThrough method due to incorrect matching of strings during authorization, resulting in an authentication bypass.
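The path handling flaw in updateSkin, the file-type checking in FileStoreConfig, and the header- and string-matching mistakes in SecureFilter are all instances of well-known bug classes with ordinary hardening patterns. The Python below is an added illustration of those patterns, not Ivanti Avalanche code; the skin directory, upload allow-list and public route names are constructed, and the function names are hypothetical.

```python
"""Added, hypothetical hardening patterns for the bug classes named above.

None of this is Ivanti Avalanche code. The directory, extension allow-list
and route names are constructed for illustration only.
"""
import posixpath
from pathlib import PurePosixPath
from typing import Optional

SKIN_ROOT = "/srv/app/skins"                             # hypothetical base directory
ALLOWED_UPLOAD_SUFFIXES = {".png", ".jpg", ".css"}       # constructed allow-list
PUBLIC_PATHS = {"/login", "/health", "/static/logo.png"}  # constructed exact routes


def safe_join(root: str, user_path: str) -> Optional[str]:
    """Join a user-supplied relative path under root, or return None.

    Defends against the updateSkin-style bug: the path is normalised lexically
    so '..' segments and backslashes cannot escape root. This is lexical only;
    symlinks inside root would additionally need an os.path.realpath check
    against the real filesystem.
    """
    if "\x00" in user_path:
        return None
    user_path = user_path.replace("\\", "/")       # treat Windows separators uniformly
    if posixpath.isabs(user_path):
        return None
    root_norm = posixpath.normpath(root)
    joined = posixpath.normpath(posixpath.join(root_norm, user_path))
    if joined == root_norm or not joined.startswith(root_norm + "/"):
        return None
    return joined


def upload_allowed(filename: str) -> bool:
    """Extension allow-list for a FileStoreConfig-style upload endpoint.

    Only the final suffix is checked and the client's Content-Type header is
    deliberately not consulted, since it is attacker-controlled. Stored files
    must also live outside any directory the server will execute from.
    """
    name = posixpath.basename(filename.replace("\\", "/"))
    if not name or name.startswith("."):
        return False
    return PurePosixPath(name).suffix.lower() in ALLOWED_UPLOAD_SUFFIXES


def weak_is_public(path: str) -> bool:
    """Prefix matching: the kind of string comparison that lets any request
    merely beginning like a public route skip authentication."""
    return any(path.startswith(p) for p in PUBLIC_PATHS)


def is_public(path: str) -> bool:
    """Hardened pass-through check: strip query/matrix parameters, normalise,
    then compare exactly against the allow-list."""
    normalized = posixpath.normpath(path.split("?", 1)[0].split(";", 1)[0])
    return normalized in PUBLIC_PATHS


def requires_auth(path: str, headers: dict) -> bool:
    """Authentication decision based on the normalised path only.

    `headers` is accepted so the signature resembles a real servlet filter,
    but it is intentionally ignored: deriving an auth decision from
    Content-Type or any other client-supplied header is the SecureFilter-class
    mistake.
    """
    return not is_public(path)
```

The two pass-through checks are shown side by side because the difference is the whole fix: `weak_is_public` accepts anything that starts with an allow-listed string, while `is_public` normalises the path and requires an exact match, so a path that only begins like a public route still falls through to authentication.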

Users are advised to upgrade to the latest version to patch these vulnerabilities and prevent their exploitation by threat actors.
