Ivanti releases patches for 13 critical Avalanche RCE flaws

December 20, 2023 at 01:10PM

Ivanti released security updates fixing 13 critical vulnerabilities in their Avalanche enterprise mobile device management (MDM) solution. The flaws relate to buffer overflows. Unauthenticated attackers could exploit them for remote code execution. All issues were resolved in Avalanche v6.4.2.313. CISA and NCSC-NO have expressed concern about potential widespread exploitation in government and private sector networks.

Key takeaways:

– Ivanti has released security updates to fix 13 critical security vulnerabilities in the company’s Avalanche enterprise mobile device management (MDM) solution.
– Vulnerabilities include unauthenticated buffer overflows, stack-based buffer overflows, and heap-based buffer overflows, which could lead to remote code execution and denial of service.
– It is highly recommended to download the Avalanche installer and update to the latest Avalanche 6.4.2 to address the security vulnerabilities impacting all supported versions of the product.
– In the past, threat actors have exploited similar vulnerabilities in Ivanti’s products to infiltrate networks, making it crucial to address these vulnerabilities promptly.
