- 194/2023
- Critical
Ivanti released a security update to fix multiple vulnerabilities affecting Ivanti Avalanche versions 6.4.1.207, 6.4.0, and older.
The addressed vulnerabilities could allow the remote attacker to gain access, execute arbitrary code, and trigger a buffer overflow attack on the affected product by sending a specially crafted request.
Sample of the addressed vulnerabilities:
1. Ivanti Avalanche File Upload Vulnerability (CVE-2023-32562):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Ivanti Avalanche Security Bypass Vulnerability (CVE-2023-32561):
- CVSS: 8.1
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
Vulnerabilities
- CVE-2023-32560
- CVE-2023-32561
- CVE-2023-32562
- CVE-2023-32563
- CVE-2023-32564
- CVE-2023-32565
- CVE-2023-32566
- CVE-2023-32567
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.