Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2023-32560

Published: 10/08/2023 Updated: 18/09/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Avalanche

Vulnerability Summary

An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

ivanti avalanche

Exploits

Exploit DB: Ivanti Avalance Remote Code Execution
Ivanti Avalanche versions prior to 6400 suffer from a remote code execution vulnerability ...

Github Repositories

https://github.com/x0rb3l/CVE-2023-32560

Ivanti Avalanche v6.4.0.0 RCE POC

CVE-2023-32560 Ivanti Avalanche v6400 RCE POC Reference: wwwtenablecom/security/research/tra-2023-27

Recent Articles

Ivanti warns of critical flaws in its Avalanche MDM solution
BleepingComputer • Sergiu Gatlan • 16 Apr 2024

Ivanti warns of critical flaws in its Avalanche MDM solution By Sergiu Gatlan April 16, 2024 03:52 PM 0 Ivanti has released security updates to fix 27 vulnerabilities in its Avalanche mobile device management (MDM) solution, two of them critical heap overflows that can be exploited for remote command execution. Avalanche is used by enterprise admins to remotely manage, deploy software, and schedule updates across large fleets of over 100,000 mobile devices from a single central location. As the ...

Read more...

References

CWE-787https://forums.ivanti.com/s/article/Avalanche-Vulnerabilities-Addressed-in-6-4-1?language=en_UShttp://packetstormsecurity.com/files/174459/Ivanti-Avalance-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/174698/Ivanti-Avalanche-MDM-Buffer-Overflow.htmlhttps://nvd.nist.govhttps://github.com/x0rb3l/CVE-2023-32560https://packetstormsecurity.com/files/174459/Ivanti-Avalance-Remote-Code-Execution.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377CVE-2024-20859CVE-2023-49606injectarbitrary CVE-2024-33788CVE-2024-30973IDORCVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook