December 21, 2023 at 07:33AM
Ivanti has released Avalanche 6.4.2 to patch 20 vulnerabilities in its enterprise mobile device management product. The flaws, including critical ones, can be exploited for remote code execution and denial-of-service attacks. Customers are urged to install the patches promptly due to the potential targeting of Ivanti product vulnerabilities by threat actors.
Key takeaways from the meeting notes:
– Ivanti has patched 20 vulnerabilities in its Avalanche enterprise mobile device management (MDM) product, with over a dozen flaws rated as ‘critical’.
– The Avalanche product is widely used by organizations to manage a variety of mobile devices, including warehouse scanners and retail floor tablets.
– The recently released Avalanche 6.4.2 patches 20 vulnerabilities affecting all supported versions of the on-premises product.
– Ivanti has immediately addressed the vulnerabilities and released fixes for all impacted versions.
– These vulnerabilities include buffer overflow bugs, high-severity vulnerabilities, and one medium-severity flaw, which can be exploited for various types of attacks.
– It is crucial for customers to install the patches promptly, as threat actors commonly target Ivanti product vulnerabilities.
– CISA’s known exploited vulnerabilities catalog currently includes a dozen Ivanti product flaws, with three discovered this year.
– One of the vulnerabilities, CVE-2023-35078, has been exploited in attacks aimed at the Norwegian government since at least April.
Let me know if you need further information or analysis.