October 3, 2023

Researchers have discovered a vulnerability in the Ivanti Avalanche system—a leading enterprise mobility management (EMM) solution revered for its prowess in managing, monitoring, and safeguarding a broad spectrum of mobile devices.

It is a stack-based buffer overflow flaw. It’s a vulnerability that hackers can exploit remotely without requiring user authentication, granting them the ghastly ability to execute any code on the target system.

The vulnerability tracked as CVE-2023-38036  with a CVSS score of 9.8 allows malicious actors to send crafted message to the Wavelink Avalanche Manager. Upon receiving this message, the system could either crash—disrupting services—or worse, permit the execution of arbitrary codes.

Advertisements

Notably, this flaw echoes the vulnerability identified as CVE-2023-32560 but stands apart in its mechanics. This perilous flaw permeates Ivanti Avalanche versions 6.4.0 and prior.

A security researcher at Tenable deserves commendation for discovering and reporting CVE-2023-38036, underscoring the importance of collaborative efforts in combating cyber threats.

Ivanti has released a security advisory for this vulnerability and has provided a patch that can be applied to affected systems. Organizations that use Ivanti Avalanche should apply the patch as soon as possible to protect themselves from this vulnerability.

Tags:

Leave a Reply

You may have missed

Industrial Control Systems and Vulnerability Management Process

October 2, 2023

McLaren Healthcare suffers a Ransomware Incident

October 2, 2023

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – September, 2023

October 2, 2023

TheCyberThrone Security Week In Review – September 30, 2023

October 1, 2023

Mozilla fixes CVE-2023-5217 Vulnerability in its Products

September 30, 2023

CISA KEV Update Part III – September 2023

September 30, 2023
%d bloggers like this: