Tenable researchers discovered two stack-based buffer overflows, collectively tracked as CVE-2023-32560 (CVSS v3: 9.8), impacting the Ivanti Avalanche enterprise mobility management (EMM) solution.
A remote, unauthenticated attacker can trigger the vulnerabilities to execute arbitrary code on vulnerable systems.
The flaw affects Ivanti Avalanche WLAvalancheService.exe v6.4.0.0 and older.
An attacker can trigger the issue by sending a crafted message to WLAvalancheService.exe on TCP port 1777.
“When processing an item of data type 9, WLAvalancheService.exe uses a fixed-size stack-based buffer to store user-supplied data and then convert the data to an integer using atol(). An unauthenticated remote attacker can specify a long type 9 item to overflow the buffer.” reads the advisory published by Tenable.
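The bug class the advisory describes, as an added C example that is not Ivanti's or Tenable's code: an unchecked copy into a fixed-size stack buffer followed by atol(), beside a version that validates the length first and parses with strtol(). The function names, the 32-byte buffer size and the inputs are assumptions; the page gives neither the real buffer size nor the message layout.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define NUM_BUF_SIZE 32   /* assumed size; the real buffer size is not on the page */

/* Pattern from the advisory (illustrative reconstruction, not vendor code):
 * the peer-supplied length is never compared with the buffer size. */
long parse_item_unsafe(const char *data, size_t len)
{
    char buf[NUM_BUF_SIZE];
    memcpy(buf, data, len);    /* writes past buf when len >= NUM_BUF_SIZE */
    buf[len] = '\0';
    return atol(buf);          /* atol() cannot report malformed input either */
}

/* Hardened form: returns 0 and stores the value in *out, or -1 on rejection. */
int parse_item_checked(const char *data, size_t len, long *out)
{
    char buf[NUM_BUF_SIZE];
    char *end;

    if (data == NULL || out == NULL || len == 0 || len >= sizeof buf)
        return -1;             /* reject oversized items before any copy */
    if (memchr(data, '\0', len) != NULL)
        return -1;             /* an embedded NUL would hide trailing bytes */
    memcpy(buf, data, len);
    buf[len] = '\0';

    errno = 0;
    long v = strtol(buf, &end, 10);
    if (end == buf || *end != '\0' || errno == ERANGE)
        return -1;             /* no digits, trailing junk, or out of range */
    *out = v;
    return 0;
}
```

Rejecting the item on the length check, rather than truncating it, also gives the service a clear event to log when an oversized numeric field arrives.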
Below is the Disclosure Timeline:
Tenable researchers also created a proof-of-concept and shared it with the vendor on April 13, 2023.
Ivanti addressed the flaw on August 3, 2023, with the release of Avalanche version 6.4.1.