Ivanti warns of critical flaws in its Avalanche MDM solution

April 16, 2024 at 03:57PM

Ivanti released security updates to address 27 vulnerabilities in its Avalanche mobile device management (MDM) solution, including critical heap overflows that enable remote command execution. The remaining 25 medium and high-severity bugs could be exploited for denial-of-service and remote code execution attacks. Users are advised to update to the latest Avalanche 6.4.3 release.

The key takeaways are:

– Ivanti has released security updates for its Avalanche mobile device management solution to fix a total of 27 vulnerabilities, including 2 critical heap overflows that can lead to remote command execution.
– The critical vulnerabilities were found in Avalanche’s WLInfoRailService and WLAvalancheService components and allow unauthenticated remote attackers to execute arbitrary commands on vulnerable systems without user interaction.
– In addition to the critical vulnerabilities, Ivanti also patched 25 medium and high-severity bugs that could be exploited for denial-of-service attacks, arbitrary command execution as SYSTEM, reading sensitive information from memory, and remote code execution attacks.
– Customers are strongly advised to download the Avalanche installer and update to the latest Avalanche 6.4.3 release to address these vulnerabilities.
– Ivanti previously patched 13 critical-severity remote code execution vulnerabilities in the Avalanche MDM solution in December and fixed two other critical Avalanche buffer overflows in August.
– State-affiliated hackers had used zero-day flaws in Ivanti’s Endpoint Manager Mobile to breach the networks of multiple Norwegian government organizations, highlighting the attractiveness of MDM systems as targets for threat actors due to the elevated access they provide to thousands of mobile devices.

These takeaways summarize the critical security updates, the associated vulnerabilities, and the recommended steps for customers to address the issues.
