Two stack buffer overflows found in Ivanti Avalanche EMM | Security Affairs

The Ivanti Avalanche EMM product is impacted by two buffer overflows collectively tracked as CVE-2023-32560.

Tenable researchers discovered two stack-based buffer overflows, collectively tracked as CVE-2023-32560 (CVSS v3: 9.8), impacting the Ivanti Avalanche enterprise mobility management (EMM) solution.

A remote, unauthenticated attacker can trigger the vulnerabilities to execute arbitrary code on vulnerable systems.

The flaw affects Ivanti Avalanche WLAvalancheService.exe v6.4.0.0 and older.

An attacker can trigger the issue by sending a crafted message to WLAvalancheService.exe on TCP port 1777.

“When processing an item of data type 9, WLAvalancheService.exe uses a fixed-size stack-based buffer to store user-supplied data and then convert the data to an integer using atol(). An unauthenticated remote attacker can specify a long type 9 item to overflow the buffer.” reads the advisory published by Tenable.
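The bug class the advisory describes, and its fix, can be shown in a few lines of C. This is an added example, not code from Ivanti or Tenable: the function names and the 32-byte buffer size are assumptions, and the unsafe function only illustrates the described pattern (a sender-controlled length copied into a fixed stack buffer before atol()).

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define ITEM_BUF_SIZE 32  /* assumed size; the advisory does not state the real one */

/* Unsafe pattern as described: the copy length comes from the sender, so any
 * item longer than the buffer writes past it on the stack. Shown for
 * contrast only. */
long parse_item_unsafe(const char *data, size_t len)
{
    char buf[ITEM_BUF_SIZE];
    memcpy(buf, data, len);      /* no check of len against sizeof(buf) */
    buf[len] = '\0';
    return atol(buf);            /* atol() also cannot report errors */
}

/* Hardened form: bound the length first, then convert with strtol() so that
 * out-of-range values, empty input and trailing junk are all rejected.
 * Returns 0 and stores the value in *out on success, -1 on any error. */
int parse_item_checked(const char *data, size_t len, long *out)
{
    char buf[ITEM_BUF_SIZE];
    char *end;
    long value;

    if (data == NULL || out == NULL || len == 0 || len >= sizeof(buf))
        return -1;               /* keeps one byte free for the NUL */
    if (memchr(data, '\0', len) != NULL)
        return -1;               /* an embedded NUL would hide trailing bytes */
    memcpy(buf, data, len);
    buf[len] = '\0';

    errno = 0;
    value = strtol(buf, &end, 10);
    if (end == buf || *end != '\0' || errno == ERANGE)
        return -1;
    *out = value;
    return 0;
}
```

The length check must run before the copy; validating the converted integer afterwards does nothing for memory safety, because the overflow has already happened by then.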

Below is the Disclosure Timeline:

  • 4 April 2023 – Issue reported
  • 12 April 2023 – Tenable requests confirmation that report was received
  • 12 April 2023 – Ivanti confirms the issue is being reviewed
  • 13 April 2023 – Ivanti requests proof of concept script
  • 13 April 2023 – Tenable notes the PoC must have been removed from initial report, sends PoC
  • 19 April 2023 – Ivanti confirms the issue and indicates they are working on a fix
  • 22 June 2023 – Ivanti notes that a fix may not be ready by the end of the 90 day window.
  • 28 June 2023 – Tenable extends disclosure window
  • 20 July 2023 – Ivanti informs Tenable a fix will be available on August 1st, and has assigned CVE-2023-32560
  • 14 August 2023 – Initial advisory released

Tenable researchers also created a proof-of-concept and shared it with the vendor on April 13, 2023.

Ivanti addressed the flaw on August 3, 2023, with the release of Avalanche version 6.4.1.

Pierluigi Paganini
