Unauthenticated Stack-based Buffer Overflow Vulnerability in Ivanti Avalanche

High severity vulnerability could allow attackers to cause service disruption or perform arbitrary code execution on Ivanti Avalanche

Threat ID:: CC-4367
Threat Severity:: Medium
Published:: 17 August 2023 11:53 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

High severity vulnerability could allow attackers to cause service disruption or perform arbitrary code execution on Ivanti Avalanche

Affected platforms

The following platforms are known to be affected:

Versions: 6.4.0 and older

Ivanti Avalanche

Threat details

Introduction

Ivanti has released a security advisory addressing a high severity vulnerability in Ivanti Avalanche. CVE-2023-32560 is an unauthenticated stack-based buffer overflow vulnerability that could allow an attacker to send a specially crafted message to the Wavelink Avalanche Manager, which could lead to service disruption or arbitrary code execution.

The security advisory also contains six additional vulnerabilities that affect Ivanti Avalanche.

Remediation advice

Affected organisations are advised to review Ivanti security advisory and apply any relevant updates.

Definitive source of threat updates

https://forums.ivanti.com/s/article/Avalanche-Vulnerabilities-Addressed-in-6-4-1?language=en_US

CVE Vulnerabilities

Status Published

CVE-2023-32560

An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1.

Status Published

CVE-2023-32561

A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1.

Status Published

CVE-2023-32562

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Fixed in version 6.4.1.

Status Published

CVE-2023-32563

An unauthenticated attacker could achieve the code execution through a RemoteControl server.

Status Published

CVE-2023-32564

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution.

Status Published

CVE-2023-32565

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.

Status Published

CVE-2023-32566

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.

Last edited: 17 August 2023 11:53 am