Ivanti has issued patches for seven critical- and high-severity vulnerabilities in its enterprise mobile device management (MDM) solution, Avalanche. The most severe vulnerability, CVE-2023-32563, is a directory traversal flaw that could allow remote code execution. Additionally, multiple stack-based buffer overflow bugs (CVE-2023-32560) and other high-severity remote code execution vulnerabilities (CVE-2023-32562 and CVE-2023-32564) were also patched. The release of these patches follows the discovery and reporting of the vulnerabilities by security researchers. While there have been no reports of these vulnerabilities being exploited in the wild, vulnerabilities in Ivanti products have been targeted in the past by malicious attacks.
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.