Heap Overflow Vulnerability in Ivanti Avalanche Before 6.4.3
Key Information
- Vendor
- Ivanti
- Status
- Avalanche
- Vendor
- CVE Published:
- 19 April 2024
Summary
The first article covers a critical heap overflow vulnerability in Ivanti Avalanche before version 6.4.3 that allows a remote unauthenticated attacker to execute arbitrary commands on the underlying Windows system. The vulnerability is not known to have been exploited prior to public disclosure. Ivanti has released patches for 27 vulnerabilities, including this critical one, in the newest version of Avalanche. The vulnerabilities can be triggered without user interaction and do not require any pre-conditions for successful exploitation. This is concerning for Ivanti, as it follows a series of vulnerabilities in its enterprise solutions that attackers have exploited. The company has announced efforts to improve product security, support for customers, and information sharing with the community.
Affected Version(s)
Avalanche < 6.4.3
News Articles
Security Bulletin: Critical Vulnerabilities in Ivanti Avalanche (CVE-2024-29204, CVE-2024-24996) | Manchester Digital
Summary of Bulletin: On April 16, 2024, Ivanti disclosed two critical vulnerabilities within its Avalanche Mobile Device Management (MDM) solution. These vulnerabilities, identified as CVE-2024-29204
7 months ago
Week in review: Palo Alto firewalls mitigation ineffective, PuTTY client vulnerable to key recovery attack - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Palo Alto firewalls: Public exploits, rising attacks,
7 months ago
Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204) - Help Net Security
The newest version of Ivanti Avalanche carries fixes for 27 vulnerabilities, two of which (CVE-2024-29204, CVE-2024-24996) are critical.
7 months ago
CVSS V3.1
Timeline
Exploit exists.
First article discovered by Help Net Security
Risk change from: null to: 9.8 - (CRITICAL)
Vulnerability published.
Vulnerability Reserved.