Heap Overflow Vulnerability in Ivanti Avalanche Before 6.4.3

Summary

The first article discusses a critical heap overflow vulnerability in Ivanti Avalanche before version 6.4.3, which allows a remote unauthenticated attacker to execute arbitrary commands on the underlying Windows system. The vulnerability is not known to have been exploited prior to public disclosure, but Ivanti has released patches for 27 vulnerabilities, including this critical one, in the newest version of Avalanche. The vulnerabilities can be triggered without user interaction and do not require any pre-conditions for successful exploitation. This is a concerning issue for Ivanti, as it follows a series of vulnerabilities in its enterprise solutions being exploited by attackers. The company has announced efforts to improve product security, support for customers, and information sharing with the community.

News Articles

Manchester Digital

CVE-2024-29204

Security Bulletin: Critical Vulnerabilities in Ivanti Avalanche (CVE-2024-29204, CVE-2024-24996) | Manchester Digital

Summary of Bulletin:On April 16, 2024, Ivanti disclosed two critical vulnerabilities within its Avalanche Mobile Device Management (MDM) solution. These vulnerabilities, identified as CVE-2024-29204

7 months ago

Help Net Security

CVE-2024-31497CVE-2024-29204

Week in review: Palo Alto firewalls mitigation ineffective, PuTTY client vulnerable to key recovery attack - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Palo Alto firewalls: Public exploits, rising attacks,

7 months ago

Help Net Security

CVE-2024-29204

Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204) - Help Net Security

The newest version of Ivanti Avalanche carries fixes for 27 vulnerabilities, two of which (CVE-2024-29204, CVE-2024-24996) are critical.

7 months ago