Ivanti

​Ivanti has released security updates to fix 13 critical security vulnerabilities in the company's Avalanche enterprise mobile device management (MDM) solution.

Avalanche allows admins to manage over 100,000 mobile devices from a single, central location over the Internet, deploy software, and schedule updates.

As Ivanti explained on Wednesday, these security flaws are due to WLAvalancheService stack or heap-based buffer overflow weaknesses reported by Tenable security researchers and Trend Micro's Zero Day Initiative.

Unauthenticated attackers can exploit them in low-complexity attacks that don't require user interaction to gain remote code execution on unpatched systems.

"An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution," Ivanti said in a security advisory.

"To address the security vulnerabilities [..], it is highly recommended to download the Avalanche installer and update to the latest Avalanche 6.4.2. These vulnerabilities impact all supported versions of the products – Avalanche versions 6.3.1 and above. Older versions/releases are also at risk."

CVE-ID Product Affected / Vulnerability
CVE-2023-41727 Ivanti Avalanche v6.4.1 WLAvalancheService.exe Unauthenticated Buffer Overflows
CVE-2023-46216 Ivanti Avalanche v6.4.1 WLAvalancheService.exe Unauthenticated Buffer Overflows
CVE-2023-46217 Ivanti Avalanche v6.4.1 WLAvalancheService.exe Unauthenticated Buffer Overflows
CVE-2023-46220 Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow RCE Vulnerability
CVE-2023-46221 Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow RCE Vulnerability
CVE-2023-46222 Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow RCE Vulnerability
CVE-2023-46223 Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow RCE Vulnerability
CVE-2023-46224 Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow RCE Vulnerability
CVE-2023-46225 Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow RCE Vulnerability
CVE-2023-46257 Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow RCE Vulnerability
CVE-2023-46258 Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow RCE Vulnerability
CVE-2023-46259 Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow RCE Vulnerability
CVE-2023-46260 Ivanti Avalanche WLAvalancheService Null Pointer Dereference Denial-of-Service Vulnerability
CVE-2023-46261 Ivanti Avalanche WLInfoRailService Heap-based Buffer Overflow RCE Vulnerability

The company also patched eight medium- and high-severity bugs that attackers could exploit in denial of service, remote code execution, and server-side request forgery (SSRF) attacks.

All security vulnerabilities disclosed today were addressed in Avalanche v6.4.2.313. Additional information on upgrading your Avalanche installation is available in this Ivanti support article.

In August, Ivanti fixed two other critical Avalanche buffer overflows tracked collectively as CVE-2023-32560 that could lead to crashes and arbitrary code execution following successful exploitation.

Threat actors chained a third MobileIron Core zero-day (CVE-2023-35081) with CVE-2023-35078 to hack into the IT systems of a dozen Norwegian ministries one month earlier.

Four months earlier, in April, state-affiliated hackers used two other zero-day flaws (CVE-2023-35078 and CVE-2023-35081) in Ivanti's Endpoint Manager Mobile (EPMM), formerly MobileIron Core, to infiltrate the networks of multiple Norwegian government organizations.

"Mobile device management (MDM) systems are attractive targets for threat actors because they provide elevated access to thousands of mobile devices, and APT actors have exploited a previous MobileIron vulnerability," CISA warned at the time.

"Consequently, CISA and NCSC-NO are concerned about the potential for widespread exploitation in government and private sector networks."

Related Articles:

Ivanti warns critical EPM bug lets hackers hijack enrolled devices

Exploit available for new critical TeamCity auth bypass bug, patch now

Hackers exploit critical RCE flaw in Bricks WordPress site builder

ConnectWise urges ScreenConnect admins to patch critical RCE flaw

SolarWinds fixes critical RCE bugs in access rights audit solution