CyberSecurityBoard
Sponsor Register Login

Ivanti Avalanche Multiple Vulnerabilities

Multiple vulnerabilities exist in Ivanti Avalanche v6.4.1 WLAvalancheService.
CVE-2023-41727 - MuProperty type 100 stack-based buffer overflow.
Exe copies user-supplied data to a fixed-size stack-based buffer.
An unauthenticated remote attacker can specify a long MuProperty type 100 to overflow the buffer.
Exe in Avalanche v6.4.1.text:0042AF00 mov ecx, ; attacker-controlled token size.
Text:0042AF03 mov esi, ; attacker-controlled token data.
Text:0042AF06 lea edi, [ebp+buf80] ; fixed-size stack buf ->.
Text:0042AF0E shr ecx, 2.text:0042AF11 memcpy.
Python3 avalanche v6.4.1 WLAvalancheService stack bof.
Exe eax=00001000 ebx=025ab100 ecx=000002a2 edx=00000000 esi=0274ee11 edi=04cc0000 eip=0042af11 esp=04cbfa4c ebp=04cbfb1c iopl=0 nv up ei pl nz na pe nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010206 WLAvalancheService+0x2af11: 0042af11 f3a5 rep movs dword ptr es:[edi],dword ptr [esi] 0:041> kb # ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available.
An unauthenticated remote attacker can specify a long MuProperty type 101 to overflow the buffer.
Exe in Avalanche v6.4.1.text:0042B1A7 mov ecx, ; attacker-controlled token size.
Text:0042B1AA mov esi, ; attacker-controlled token data.
Text:0042B1AD lea edi, [ebp+buf80] ; fixed-size stack buf ->.
Exe eax=00001000 ebx=025c8a68 ecx=000002a2 edx=00000001 esi=02765621 edi=04f60000 eip=0042b1b8 esp=04f5fa4c ebp=04f5fb1c iopl=0 nv up ei pl nz na pe nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010206 WLAvalancheService+0x2b1b8: 0042b1b8 f3a5 rep movs dword ptr es:[edi],dword ptr [esi] 0:042> kb # ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available.
An unauthenticated remote attacker can specify a long MuProperty type 102 to overflow the buffer.
Exe in Avalanche v6.4.1.text:0042B27D mov ecx, ; attacker-controlled token size.
Text:0042B280 mov esi, ; attacker-controlled token data.
Text:0042B283 lea edi, [ebp+buf80] ; fixed-size stack buf ->.
Exe eax=00001000 ebx=025cbc48 ecx=000002a2 edx=0275ab2a esi=0275a0a1 edi=04f60000 eip=0042b28e esp=04f5fa4c ebp=04f5fb1c iopl=0 nv up ei pl nz na pe nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010206 WLAvalancheService+0x2b28e: 0042b28e f3a5 rep movs dword ptr es:[edi],dword ptr [esi] 0:044> kb # ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available.


This Cyber News was published on www.tenable.com. Publication date: Mon, 18 Dec 2023 18:20:06 +0000


Cyber News related to Ivanti Avalanche Multiple Vulnerabilities

Threat Brief: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887 - On Jan. 10, 2024, Ivanti disclosed two new vulnerabilities in their Ivanti Connect Secure and Ivanti Policy Secure gateways: CVE-2023-46805 and CVE-2024-21887. The first CVE is a High severity authentication bypass vulnerability, and the second CVE ...
1 year ago Unit42.paloaltonetworks.com CVE-2023-46805 CVE-2024-21887
Ivanti discloses new zero-day flaw, releases delayed patches - Ivanti Wednesday released patches for two critical zero-day vulnerabilities that were disclosed earlier this month, but also warned customers of two new flaws, including a new zero-day that's under exploitation in the wild. In a security advisory on ...
1 year ago Techtarget.com CVE-2023-46805 CVE-2024-21887 CVE-2024-21888 CVE-2024-21893
Ivanti warns of critical flaws in its Avalanche MDM solution - Ivanti has released security updates to fix 27 vulnerabilities in its Avalanche mobile device management solution, two of them critical heap overflows that can be exploited for remote command execution. Avalanche is used by enterprise admins to ...
1 year ago Bleepingcomputer.com CVE-2023-32560 CVE-2023-35078
Ivanti Security Update: Patch for Multiple Vulnerabilities in Connect and Policy Secure - Ivanti, a leading provider of IT security and management solutions, has announced the release of critical updates for its Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) products. Organizations using Ivanti Connect Secure and Policy Secure ...
1 month ago Cybersecuritynews.com
Ivanti releases patches for 13 critical Avalanche RCE flaws - Ivanti has released security updates to fix 13 critical security vulnerabilities in the company's Avalanche enterprise mobile device management solution. Avalanche allows admins to manage over 100,000 mobile devices from a single, central location ...
1 year ago Bleepingcomputer.com CVE-2023-32560 CVE-2023-35078
Ivanti confirms 2 zero-day vulnerabilities are under attack - CISA urged enterprises to address two Ivanti zero-day vulnerabilities that remain unpatched amid reports of active exploitation by a Chinese nation-state threat actor. Ivanti published a security advisory Wednesday for an authentication bypass ...
1 year ago Techtarget.com CVE-2023-46805 CVE-2024-21887
CISA confirms compromise of its Ivanti systems - CISA confirmed two of its internal systems were breached by a threat actor that exploited flaws in Ivanti products used by the U.S. cybersecurity agency. Ivanti on Jan. 10 disclosed two zero-day vulnerabilities that were under exploitation by a ...
1 year ago Techtarget.com CVE-2023-46805 CVE-2024-21887
Ivanti Patches Dozen Critical Vulnerabilities in Avalanche MDM Product - Ivanti is informing customers about 20 vulnerabilities patched in its Avalanche enterprise mobile device management product, including over a dozen flaws that have a 'critical' severity rating. Avalanche is used by many organizations to manage their ...
1 year ago Securityweek.com CVE-2023-38035 CVE-2023-35078 CVE-2023-35081
Ivanti Urges Customers to Patch 13 Critical Vulnerabilities - Security vendor Ivanti has released an update to its Avalanche mobile device management product which fixes 22 vulnerabilities, 13 of which are rated critical. Ivanti Avalanche is described by the vendor as an enterprise MDM solution capable of ...
1 year ago Infosecurity-magazine.com CVE-2023-35078 CVE-2023-35081
Ivanti urges customers to patch yet another critical vulnerability - This vulnerability only affects a limited number of supported versions-Ivanti Connect Secure, Ivanti Policy Secure version 22.5R1.1 and ZTA version 22.6R1.3. Please read between the lines that there could be unsupported versions which will never see ...
1 year ago Malwarebytes.com CVE-2024-22024
Ivanti discloses fifth vulnerability The Register - In disclosing yet another vulnerability in its Connect Secure, Policy Secure, and ZTA gateways, Ivanti has confused the third-party researchers who discovered it. Researchers at watchTowr blogged today about not being credited with the discovery of ...
1 year ago Go.theregister.com CVE-2024-22024
Ivanti Connect Secure Vulnerability (CVE-2025-22457) Actively Exploited in the Wild - Ivanti has disclosed a critical vulnerability, CVE-2025-22457, affecting its Connect Secure, Pulse Connect Secure, Ivanti Policy Secure, and ZTA Gateways products that are actively exploited in the wild. The vulnerability was patched in Ivanti ...
4 months ago Cybersecuritynews.com CVE-2025-22457
China-backed attackers blamed for Ivanti zero-day exploits The Register - Security experts believe Chinese nation-state attackers are actively exploiting two zero-day vulnerabilities in security products made by Ivanti. If you're an admin or a user of the two products affected, VPN service Ivanti Connect Secure and network ...
1 year ago Go.theregister.com
CISA Sets 48-hour Deadline for Removal of Insecure Ivanti Products - In an unprecedented move, the US government's cybersecurity agency CISA is demanding that federal agencies disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure products within 48 hours. Within 48 hours, the agency said federal ...
1 year ago Securityweek.com CVE-2023-46805 CVE-2024-21887 CVE-2024-21888 CVE-2024-21893
Ivanti patches Connect Secure zero-day exploited since mid-March - Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025. While Ivanti has yet to disclose more details ...
4 months ago Bleepingcomputer.com CVE-2025-22457
Ivanti: VPN appliances vulnerable if pushing configs after mitigation - Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities. While the company didn't provide additional ...
1 year ago Bleepingcomputer.com CVE-2023-46805 CVE-2024-21887
Ivanti US Faces Security Crisis, Threatening Worldwide Systems - In a recent development, a critical server-side request forgery vulnerability has been discovered in Ivanti Connect Secure and Ivanti Policy Secure servers, marked as CVE-2024-21893. Security experts have confirmed that this vulnerability is being ...
1 year ago Cysecurity.news CVE-2024-21893 CVE-2023-46805 CVE-2024-21887
Ivanti warns critical EPM bug lets hackers hijack enrolled devices - Ivanti fixed a critical remote code execution vulnerability in its Endpoint Management software that can let unauthenticated attackers hijack enrolled devices or the core server. Ivanti EPM helps manage client devices running a wide range of ...
1 year ago Bleepingcomputer.com CVE-2023-39366
Ivanti: Patch new Connect Secure auth bypass bug immediately - Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately. The flaw is due to an XXE weakness in the gateways' SAML component that ...
1 year ago Bleepingcomputer.com CVE-2023-46805 CVE-2024-21887
CVE-2023-46217 - Multiple vulnerabilities exist in Ivanti Avalanche v6.4.1 WLAvalancheService.exe.CVE-2023-41727 - MuProperty type 100 stack-based buffer overflow (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)A message sent to WLAvalancheService.exe on TCP port 1777 ...
1 year ago Tenable.com
CVE-2023-46216 - Multiple vulnerabilities exist in Ivanti Avalanche v6.4.1 WLAvalancheService.exe.CVE-2023-41727 - MuProperty type 100 stack-based buffer overflow (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)A message sent to WLAvalancheService.exe on TCP port 1777 ...
1 year ago Tenable.com
CVE-2023-41727 - Multiple vulnerabilities exist in Ivanti Avalanche v6.4.1 WLAvalancheService.exe.CVE-2023-41727 - MuProperty type 100 stack-based buffer overflow (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)A message sent to WLAvalancheService.exe on TCP port 1777 ...
1 year ago Tenable.com
Ivanti Avalanche Multiple Vulnerabilities - Multiple vulnerabilities exist in Ivanti Avalanche v6.4.1 WLAvalancheService. CVE-2023-41727 - MuProperty type 100 stack-based buffer overflow. Exe copies user-supplied data to a fixed-size stack-based buffer. An unauthenticated remote attacker can ...
1 year ago Tenable.com CVE-2023-41727
More mass exploits hit the same buggy Ivanti devices The Register - All manner of miscreants are piling onto the latest Ivanti flaw, a server-side request forgery vulnerability tracked as CVE-2024-21893, according to threat hunters tracking the string of CVEs that have been plaguing the software shop's gateways over ...
1 year ago Go.theregister.com CVE-2024-21893 Hunters
Ivanti Secure VPN Zero-Day Vulnerabilities Allow Chinese Threat Actor to Compromise Systems - Two zero-day vulnerabilities have been discovered in Ivanti Secure VPN, a popular VPN solution used by organizations worldwide. The vulnerabilities are currently being exploited in the wild by at least one Chinese nation-state threat actor dubbed ...
1 year ago Techrepublic.com CVE-2023-46805 CVE-2024-21887

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)