- 98/2023
- High
Ivanti has released a security update to fix multiple vulnerabilities in Ivanti Avalanche.
The addressed vulnerabilities could allow the remote attacker to gain access, obtain sensitive information, or bypass security restrictions on the affected systems.
Sample of the addressed vulnerabilities:
1. Ivanti Avalanche Security Bypass Vulnerability (CVE-2023-28126):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Bypass Security
2. Ivanti Avalanche Code Execution Vulnerability (CVE-2023-28128):
- CVSS: 7.2
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Access
Vulnerabilities
• CVE-2023-28125
• CVE-2023-28126
• CVE-2023-28127
• CVE-2023-28128
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.