Several vulnerabilities ranging from Medium to High severity have been reported in Ivanti Avalanche. They include arbitrary file upload leading to remote code execution, authentication bypass, buffer overflow, and directory traversal leading to remote code execution.
Ivanti Avalanche is a mobile device management system that can be used to manage devices over the Internet from a centralized location. It can also be used to view additional details about the device like battery power or location and manage Wi-Fi and other settings.
Ivanti has released a patched version that fixes these vulnerabilities.
CVE(s):
CVE-2023-32560: Ivanti Avalanche WLAvalancheService.exe Unauthenticated Stack-based Buffer Overflows
This is an out-of-bounds write and stack-based buffer overflow vulnerability. A threat actor can exploit it by sending a specially crafted message to the Avalanche Manager, resulting in service disruption or arbitrary code execution.
The CVSS score for this vulnerability is given as 9.8 (Critical) by NVD.
CVE-2023-32561: Ivanti Avalanche dumpHeap Incorrect Permission Assignment Authentication Bypass Vulnerability
This vulnerability exists in the dumpHeap method due to incorrect permission assignment. An attacker can exploit it to read an artifact previously generated by the administrator, which could lead to authentication bypass.
The CVSS score for this vulnerability is given as 7.5 (High) by NVD.
CVE-2023-32562: Ivanti Avalanche FileStoreConfig Arbitrary File Upload Remote Code Execution Vulnerability
This vulnerability exists in the FileStoreConfig endpoint. A threat actor can exploit it by uploading a dangerous file type in Avalanche versions 6.3.x and below, resulting in remote code execution.
The CVSS score for this vulnerability is given as 9.8 (Critical) by NVD.
CVE-2023-32563: Ivanti Avalanche updateSkin Directory Traversal Remote Code Execution Vulnerability
This vulnerability exists in the updateSkin method and is due to the lack of proper validation of a user-supplied path. An attacker can use it to gain remote code execution and execute commands as SYSTEM.
The CVSS score for this vulnerability is given as 9.8 (Critical) by NVD.
CVE-2023-32564: Ivanti Avalanche FileStoreConfig Arbitrary File Upload Remote Code Execution Vulnerability
This vulnerability is due to improper validation of user-supplied data in the FileStoreConfig app, which allows threat actors to upload arbitrary files, resulting in remote code execution.
The CVSS score for this vulnerability is given as 9.8 (Critical) by NVD.
CVE-2023-32565: Ivanti Avalanche SecureFilter Content-Type Authentication Bypass Vulnerability
This vulnerability exists in the SecureFilter due to improper use of the Content-Type HTTP header in authorization login, which a threat actor can use to bypass authentication logic.
The CVSS score for this vulnerability is given as 9.1 (Critical).
CVE-2023-32566: Ivanti Avalanche SecureFilter allowPassThrough Authentication Bypass Vulnerability
This vulnerability exists in the allowPassThrough method due to incorrect matching of strings during authorization, resulting in an authentication bypass.
The CVSS score for this vulnerability is given as 9.1 (Critical).
Users of Ivanti Avalanche are advised to upgrade to the latest version to patch these vulnerabilities and prevent threat actors from exploiting them.
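As an added example (not Ivanti's code and not from the original article), the Python function below shows the kind of server-side check whose absence the updateSkin and FileStoreConfig entries describe: a user-supplied file name is confined to a base directory and to an allow-list of file types. The function names, the allow-listed extensions and the sample names are assumptions made for illustration.

```python
import tempfile
from pathlib import Path

# Assumption: the only file types a skin upload legitimately needs.
ALLOWED_SUFFIXES = {".png", ".jpg", ".css"}

class RejectedUpload(ValueError):
    """A user-supplied file name failed validation."""

def safe_destination(base_dir, user_name):
    """Map user_name to a path inside base_dir, or raise RejectedUpload."""
    # Treat "\" as a separator too, so Windows-style traversal is caught on any OS.
    name = user_name.replace("\\", "/")
    if "\x00" in name:
        raise RejectedUpload("NUL byte in name")
    # ":" covers drive letters (C:) and NTFS alternate data streams (a.png:b).
    if name.startswith("/") or ":" in name:
        raise RejectedUpload("absolute path or stream syntax")
    parts = [p for p in name.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise RejectedUpload("empty name or parent-directory segment")
    # Windows silently drops trailing dots and spaces, so judge the name it would store.
    parts[-1] = parts[-1].rstrip(". ")
    if Path(parts[-1]).suffix.lower() not in ALLOWED_SUFFIXES:
        raise RejectedUpload("file type not on the allow-list")
    base = Path(base_dir).resolve()
    target = base.joinpath(*parts).resolve()
    # Re-check containment after symlinks are resolved.
    if base not in target.parents:
        raise RejectedUpload("resolves outside the base directory")
    return target

def demo():
    """Run constructed sample names through the check and return the verdicts."""
    samples = ["theme/logo.PNG", "..\\..\\webapps\\x.png", "C:\\x.png", "shell.jsp."]
    verdicts = {}
    with tempfile.TemporaryDirectory() as base:
        for name in samples:
            try:
                safe_destination(base, name)
                verdicts[name] = "accepted"
            except RejectedUpload as exc:
                verdicts[name] = f"rejected: {exc}"
    return verdicts

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name!r:28} {verdict}")
```

The containment check runs on the resolved path, so a symbolic link inside the base directory that points elsewhere is rejected as well.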
Source: https://cybersecuritynews.com/ivanti-avalanche-rce-flaw/