Ivanti warns of critical flaws in its Avalanche MDM solution

Ivanti has released security updates to fix 27 vulnerabilities in its Avalanche mobile device management solution, two of them critical heap overflows that can be exploited for remote command execution.
Avalanche is used by enterprise admins to remotely manage, deploy software, and schedule updates across large fleets of over 100,000 mobile devices from a single central location.
As the company explained on Wednesday, the two critical security flaws were found in Avalanche's WLInfoRailService and WLAvalancheService components.
They are both caused by heap-based buffer overflow weaknesses, which can let unauthenticated remote attackers execute arbitrary commands on vulnerable systems in low-complexity attacks that don't require user interaction.
Today, Ivanti also patched 25 medium and high-severity bugs that remote attackers could exploit to trigger denial-of-service attacks, execute arbitrary commands as SYSTEM, read sensitive information from memory, and remote code execution attacks.
Customers can find the latest Avalanche 6.4.3 release here and more information regarding upgrade steps in this support article.
Ivanti patched 13 more critical-severity remote code execution vulnerabilities in the Avalanche MDM solution in December after fixing two other critical Avalanche buffer overflows collectively tracked as CVE-2023-32560 in August.
State-affiliated hackers used two zero-day flaws in Ivanti's Endpoint Manager Mobile, formerly known as MobileIron Core, to breach the networks of multiple Norwegian government organizations one year ago.
Months later, attackers chained a third MobileIron Core zero-day with CVE-2023-35078 to also hack into the IT systems of a dozen Norwegian ministries.
Palo Alto Networks fixes zero-day exploited to backdoor firewalls.
Critical Rust flaw enables Windows command injection attacks.
Windows 10 KB5036892 update released with 23 new fixes, changes.
Windows 11 KB5036893 update released with 29 changes, Moment 5 features.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 16 Apr 2024 19:55:30 +0000

Cyber News related to Ivanti warns of critical flaws in its Avalanche MDM solution

Ivanti warns of critical flaws in its Avalanche MDM solution - Ivanti has released security updates to fix 27 vulnerabilities in its Avalanche mobile device management solution, two of them critical heap overflows that can be exploited for remote command execution. Avalanche is used by enterprise admins to ...
7 months ago Bleepingcomputer.com

Data Governance: MDM and RDM - Data governance is a framework that is developed through the collaboration of individuals with various roles and responsibilities. These goals may include providing reliable data for business operations, developing accurate analytics to assess ...
11 months ago Feeds.dzone.com

Threat Brief: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887 - On Jan. 10, 2024, Ivanti disclosed two new vulnerabilities in their Ivanti Connect Secure and Ivanti Policy Secure gateways: CVE-2023-46805 and CVE-2024-21887. The first CVE is a High severity authentication bypass vulnerability, and the second CVE ...
10 months ago Unit42.paloaltonetworks.com

Ivanti releases patches for 13 critical Avalanche RCE flaws - Ivanti has released security updates to fix 13 critical security vulnerabilities in the company's Avalanche enterprise mobile device management solution. Avalanche allows admins to manage over 100,000 mobile devices from a single, central location ...
11 months ago Bleepingcomputer.com

Ivanti Urges Customers to Patch 13 Critical Vulnerabilities - Security vendor Ivanti has released an update to its Avalanche mobile device management product which fixes 22 vulnerabilities, 13 of which are rated critical. Ivanti Avalanche is described by the vendor as an enterprise MDM solution capable of ...
10 months ago Infosecurity-magazine.com

Ivanti discloses new zero-day flaw, releases delayed patches - Ivanti Wednesday released patches for two critical zero-day vulnerabilities that were disclosed earlier this month, but also warned customers of two new flaws, including a new zero-day that's under exploitation in the wild. In a security advisory on ...
9 months ago Techtarget.com

Ivanti warns critical EPM bug lets hackers hijack enrolled devices - Ivanti fixed a critical remote code execution vulnerability in its Endpoint Management software that can let unauthenticated attackers hijack enrolled devices or the core server. Ivanti EPM helps manage client devices running a wide range of ...
10 months ago Bleepingcomputer.com

Ivanti Patches Dozen Critical Vulnerabilities in Avalanche MDM Product - Ivanti is informing customers about 20 vulnerabilities patched in its Avalanche enterprise mobile device management product, including over a dozen flaws that have a 'critical' severity rating. Avalanche is used by many organizations to manage their ...
10 months ago Securityweek.com

CISA confirms compromise of its Ivanti systems - CISA confirmed two of its internal systems were breached by a threat actor that exploited flaws in Ivanti products used by the U.S. cybersecurity agency. Ivanti on Jan. 10 disclosed two zero-day vulnerabilities that were under exploitation by a ...
8 months ago Techtarget.com

Ivanti confirms 2 zero-day vulnerabilities are under attack - CISA urged enterprises to address two Ivanti zero-day vulnerabilities that remain unpatched amid reports of active exploitation by a Chinese nation-state threat actor. Ivanti published a security advisory Wednesday for an authentication bypass ...
10 months ago Techtarget.com

Ivanti: Patch new Connect Secure auth bypass bug immediately - Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately. The flaw is due to an XXE weakness in the gateways' SAML component that ...
9 months ago Bleepingcomputer.com

Ivanti: VPN appliances vulnerable if pushing configs after mitigation - Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities. While the company didn't provide additional ...
9 months ago Bleepingcomputer.com

Ivanti urges customers to patch yet another critical vulnerability - This vulnerability only affects a limited number of supported versions-Ivanti Connect Secure, Ivanti Policy Secure version 22.5R1.1 and ZTA version 22.6R1.3. Please read between the lines that there could be unsupported versions which will never see ...
9 months ago Malwarebytes.com

Ivanti discloses fifth vulnerability The Register - In disclosing yet another vulnerability in its Connect Secure, Policy Secure, and ZTA gateways, Ivanti has confused the third-party researchers who discovered it. Researchers at watchTowr blogged today about not being credited with the discovery of ...
9 months ago Go.theregister.com

CERT-UA warns of malware campaign conducted by threat actor UAC-0006 - Threat actors may have exploited a zero-day in older iPhones, Apple warns. Microsoft fixed two zero-day bugs exploited in malware attacks. Threat actors actively exploit JetBrains TeamCity flaws to deliver malware. Recent DarkGate campaign exploited ...
5 months ago Securityaffairs.com

More mass exploits hit the same buggy Ivanti devices The Register - All manner of miscreants are piling onto the latest Ivanti flaw, a server-side request forgery vulnerability tracked as CVE-2024-21893, according to threat hunters tracking the string of CVEs that have been plaguing the software shop's gateways over ...
9 months ago Go.theregister.com

CISA: Critical Ivanti auth bypass bug now actively exploited - CISA warns that a critical authentication bypass vulnerability in Ivanti's Endpoint Manager Mobile and MobileIron Core device management software is now under active exploitation. Tracked as CVE-2023-35082, the flaw is a remote unauthenticated API ...
10 months ago Bleepingcomputer.com

CISA Sets 48-hour Deadline for Removal of Insecure Ivanti Products - In an unprecedented move, the US government's cybersecurity agency CISA is demanding that federal agencies disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure products within 48 hours. Within 48 hours, the agency said federal ...
9 months ago Securityweek.com

9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
11 months ago Esecurityplanet.com

Ivanti zero-day flaws under 'widespread' exploitation - Two critical Ivanti vulnerabilities that remain unpatched are being widely exploited just five days following public disclosure. In a security advisory Wednesday, Ivanti urged users and administrators to mitigate two zero-day vulnerabilities that ...
10 months ago Techtarget.com

China-backed attackers blamed for Ivanti zero-day exploits The Register - Security experts believe Chinese nation-state attackers are actively exploiting two zero-day vulnerabilities in security products made by Ivanti. If you're an admin or a user of the two products affected, VPN service Ivanti Connect Secure and network ...
10 months ago Go.theregister.com

Magnet Goblin Hackers Using Ivanti Flaws to Deploy Linux Malware - Hackers exploit unpatched Ivanti vulnerabilities to deploy malware on Linux systems. Magnet Goblin targets businesses using outdated software. Patch immediately and implement strong security measures to protect against these attacks. Cybersecurity ...
8 months ago Hackread.com

Ivanti US Faces Security Crisis, Threatening Worldwide Systems - In a recent development, a critical server-side request forgery vulnerability has been discovered in Ivanti Connect Secure and Ivanti Policy Secure servers, marked as CVE-2024-21893. Security experts have confirmed that this vulnerability is being ...
9 months ago Cysecurity.news

Ivanti warns of Connect Secure zero-days exploited in attacks - Ivanti has disclosed two Connect Secure and Policy Secure zero-days exploited in the wild that can let remote attackers execute arbitrary commands on targeted gateways. The first security flaw is an authentication bypass in the gateways' web ...
10 months ago Bleepingcomputer.com

CISO Corner: CIO Convergence, 10 Critical Security Metrics, & Ivanti Fallout - Welcome to CISO Corner, Dark Reading's weekly digest of articles tailored specifically to security operations readers and security leaders. Boards of directors don't care about a security program's minute technical details. With the US Securities and ...
9 months ago Darkreading.com

Latest Cyber News

CVE-2024-44308 - 1 day ago
CVE-2024-44309 - 1 day ago
CVE-2018-9467 - 1 day ago
CVE-2018-9440 - 1 day ago
CVE-2018-9456 - 1 day ago
CVE-2018-9466 - 1 day ago
CVE-2024-52595 - 1 day ago
CVE-2024-30424 - 1 day ago
CVE-2024-51669 - 1 day ago
CVE-2024-52392 - 1 day ago
CVE-2018-9420 - 1 day ago
CVE-2018-9421 - 1 day ago
CVE-2018-9424 - 1 day ago
CVE-2018-9428 - 1 day ago
CVE-2018-9432 - 1 day ago
CVE-2018-9433 - 1 day ago
CVE-2023-27609 - 1 day ago
CVE-2024-11400 - 1 day ago
CVE-2018-9411 - 1 day ago
CVE-2018-9412 - 1 day ago

Cyber Trends (last 7 days)

Okta - 11 months ago
23andMe - 11 months ago
Kimsuky - 11 months ago
LogoFAIL - 11 months ago
Gh0st rat - 11 months ago

Trending Cyber News (last 7 days)

CVE-2024-10268 - 2 days ago
CVE-2024-10388 - 2 days ago
CVE-2024-11069 - 2 days ago
CVE-2024-11098 - 2 days ago
CVE-2024-31141 - 1 day ago
CVE-2024-11036 - 1 day ago
CVE-2024-11038 - 1 day ago
CVE-2024-11195 - 1 day ago
CVE-2024-11194 - 1 day ago
CVE-2024-11198 - 1 day ago
CVE-2024-11224 - 1 day ago
CVE-2024-52675 - 1 day ago
CVE-2024-9777 - 1 day ago
CVE-2024-9830 - 1 day ago
CVE-2024-10204 - 1 day ago
CVE-2024-11075 - 1 day ago
CVE-2024-52711 - 1 day ago
CVE-2024-10524 - 1 day ago
CVE-2024-50803 - 1 day ago
CVE-2024-52582 - 1 day ago