CVE-2023-32560

HIGH8.8

High EPSS

Description

An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1.

CVSS breakdown

CVSS 3.0

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Ivanti / Avalanche6.4.1 – 6.4.1

References

MISChttps://forums.ivanti.com/s/article/Avalanche-Vulnerabilities-Addressed-in-6-4-1?language=en_US
EXPLOIThttp://packetstormsecurity.com/files/174459/Ivanti-Avalance-Remote-Code-Execution.html
EXPLOIThttp://packetstormsecurity.com/files/174698/Ivanti-Avalanche-MDM-Buffer-Overflow.html