Two unauthenticated stack buffer overflows found in Ivanti Avalanche EMM

Pierluigi Paganini August 16, 2023

Ivanti Avalanche EMM product is impacted by two buffer overflows collectively tracked as CVE-2023-32560.

Tenable researchers discovered two stack-based buffer overflows, collectively tracked as CVE-2023-32560 (CVSS v3: 9.8), impacting the Ivanti Avalanche enterprise mobility management (EMM) solution.

A remote, unauthenticated attacker can trigger the vulnerabilities to execute arbitrary code on vulnerable systems.

The flaw affects Ivanti Avalanche WLAvanacheServer.exe v6.4.0.0 and older.

An attacker can trigger the issue by sending a crafted message to WLAvalancheService.exe on TCP port 1777.

“When processing an item of data type 9, WLAvalancheService.exe uses a fixed-size stack-based buffer to store user-supplied data and then convert the data to an integer using atol(). An unauthenticated remote attacker can specify a long type 9 item to overflow the buffer.” reads the advsisory published by Tenable.

Below is the Disclosure Timeline:

  • 4 April 2023 – Issue reported
  • 12 April 2023 – Tenable requests confirmation that report was received
  • 12 April 2023 – Ivanti confirms the issue is being reviewed
  • 13 April 2023 – Ivanti requests proof of concept script
  • 13 April 2023 – Tenable notes the poc must have been removed from initial report, sends PoC
  • 19 April 2023 – Ivanti confirms the issue and indicates they are working on a fix
  • 22 June 2023 – Ivanti notes that a fix may not be ready by the end of the 90 day window.
  • 28 June 2023 – Tenable extends disclosure window
  • 20 July 2023 – Ivanti informs Tenable a fix will be available on August 1st, and has assigned CVE-2023-32560
  • 14 August 2023 – Initial advisory released

Tenable researchers also created a proof-of-concept and shared it with the vendor on April 13, 2023.

Ivanti addressed the flaw on August 3, 2023, with the release of Avalanche version 6.4.1.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Ivanti)



you might also like

leave a comment