- 117/2024
- Critical
- April 17, 2024
- 2:28 pm
Ivanti has released security updates to fix several vulnerabilities affecting all versions of Ivanti Avalanche before version 6.4.3.
The addressed vulnerabilities could allow the remote attacker to conduct denial of service attacks, obtain sensitive information, or execute arbitrary codes or commands and gain access to the affected system.
Sample of the addressed vulnerabilities:
1. Ivanti Avalanche WLAvalancheService Code Execution Vulnerability (CVE- 2024-29204):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
2. Ivanti Avalanche WLInfoRailService Code Execution Vulnerability (CVE-2024- 24996):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.