Ivanti Avalanche vulnerable to attack by unauthenticated, remote attackers (CVE-2023-32560)

Two stack-based buffer overflow bugs (collectively designated as CVE-2023-32560) have been discovered in Ivanti Avalanche, an enterprise mobility management solution.


A buffer overflow arises when the data written to a buffer exceeds its storage capacity. The surplus data spills into adjacent memory locations, corrupting or overwriting whatever is stored there.
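The bounds check whose absence produces this class of bug, shown as an added example (not code from Ivanti, Tenable or the original article). The length-prefixed message layout, `NAME_CAP` and the function names are assumptions made for illustration and do not describe Avalanche's actual protocol.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NAME_CAP 32  /* hypothetical fixed-size stack buffer in a message handler */

enum parse_rc { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_LONG = -2 };

/* Constructed wire format (an assumption, not Avalanche's):
 *   bytes 0..1  big-endian length N of the field
 *   bytes 2..   N bytes of field data
 *
 * Vulnerable pattern, for comparison only:
 *   char name[NAME_CAP];
 *   memcpy(name, msg + 2, n);   // n taken straight from the sender
 * Any N larger than NAME_CAP writes past `name` into adjacent stack memory.
 */

/* Hardened pattern: the declared length is checked against the bytes
 * actually received and against the destination capacity before copying. */
int handle_checked(const uint8_t *msg, size_t msg_len, char *out, size_t out_cap) {
    if (msg_len < 2)
        return PARSE_TRUNCATED;                 /* no room for the length prefix */
    size_t n = ((size_t)msg[0] << 8) | msg[1];
    if (n > msg_len - 2)
        return PARSE_TRUNCATED;                 /* copy would read past the input */
    if (out_cap == 0 || n > out_cap - 1)
        return PARSE_TOO_LONG;                  /* copy would write past the buffer */
    memcpy(out, msg + 2, n);
    out[n] = '\0';                              /* one byte is reserved for this */
    return PARSE_OK;
}

/* Runs one message through the checked handler with a NAME_CAP-byte
 * stack buffer, the situation a stack-based overflow would target. */
int demo(const uint8_t *msg, size_t msg_len) {
    char name[NAME_CAP];
    return handle_checked(msg, msg_len, name, sizeof name);
}
```
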

About CVE-2023-32560

CVE-2023-32560 could allow a threat actor to send a specially designed message to the Wavelink Avalanche Manager, potentially causing service disruption or the execution of arbitrary code.

The vulnerability affects WLAvanacheServer.exe v6.4.0.0 and older and was reported by Tenable researchers in April 2023. They also shared a PoC exploit with Ivanti and released additional technical information on August 14.

Ivanti released the Avalanche version 6.4.1 security update on August 3, 2023. It also fixes additional RCE and authentication bypass vulnerabilities (CVE-2023-32561, CVE-2023-32562, CVE-2023-32563, CVE-2023-32564, CVE-2023-32565, CVE-2023-32566).

The appeal of enterprise mobile manager solutions

The widespread deployment of Ivanti’s solutions has drawn the attention of malicious actors seeking to exploit potential vulnerabilities and gain unauthorized access to valuable corporate data.

We have recently reported on three vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM).

CVE-2023-35078 – an authentication bypass vulnerability – has been used in conjunction with CVE-2023-35081 – a remote arbitrary file write vulnerability – to breach 12 Norwegian ministries.

CVE-2023-35082 – a remote unauthenticated API access vulnerability – could allow a remote unauthenticated threat actor to access users’ PII in older MobileIron Core versions (rebranded to Ivanti EPMM) and make changes to the server.
