
Ivanti Patches Critical Vulnerability in Avalanche Enterprise MDM Solution

Ivanti has patched critical- and high-severity vulnerabilities with the latest release of Avalanche, its enterprise mobile device management solution.


Ivanti has released patches for seven critical- and high-severity vulnerabilities in Avalanche, its enterprise mobile device management (MDM) solution.

The most severe of the flaws is CVE-2023-32563 (CVSS score of 9.8), a directory traversal bug that can be exploited to execute arbitrary code remotely.

Reported by security researchers with Trend Micro’s ZDI, the issue exists in the ‘updateSkin’ method of the MDM solution and can be exploited without authentication.

“The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of System,” ZDI’s advisory reads.
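The root cause quoted above, a user-supplied path used in file operations without validation, is normally closed by canonicalising the path and confirming it still sits inside the intended directory. The following is an added example and not Ivanti's code; the `skins` directory layout, the function names and the sample inputs are constructed for illustration, and POSIX-style paths are assumed.

```python
import os
import tempfile
from pathlib import Path


class UnsafePathError(ValueError):
    """Raised when a user-supplied path would leave the allowed directory."""


def resolve_inside(base_dir, user_path):
    """Return the canonical target for user_path, or raise if it escapes base_dir."""
    base = Path(base_dir).resolve(strict=True)
    if "\x00" in user_path:
        raise UnsafePathError("NUL byte in path")
    # Joining with an absolute user_path discards base entirely; resolve()
    # then collapses ".." and follows symlinks, so the check below is made
    # on the location a file operation would really touch.
    candidate = (base / user_path).resolve()
    # Compare path components, not string prefixes: "/srv/skins_old" starts
    # with "/srv/skins" as a string but is a sibling directory.
    if candidate != base and base not in candidate.parents:
        raise UnsafePathError(f"{user_path!r} resolves outside {base}")
    return candidate


def check_samples():
    """Run constructed sample inputs through resolve_inside; return verdicts."""
    verdicts = {}
    with tempfile.TemporaryDirectory() as root:
        base, sibling = Path(root, "skins"), Path(root, "skins_old")
        base.mkdir()
        sibling.mkdir()
        samples = ["default/logo.png", "a/../logo.png", "../skins_old/x.txt",
                   "../../etc/passwd", str(sibling / "x.txt"), "bad\x00name"]
        try:  # symlink inside base that points outside it
            os.symlink(sibling, base / "link")
            samples.append("link/x.txt")
        except OSError:
            pass  # platform without symlink permission: skip that sample
        for sample in samples:
            try:
                resolve_inside(base, sample)
                verdicts[sample] = "allowed"
            except UnsafePathError:
                verdicts[sample] = "rejected"
    return verdicts


if __name__ == "__main__":
    for sample, verdict in check_samples().items():
        print(f"{verdict:9} {sample!r}")
```

The check only holds if the file operation then uses the returned canonical path rather than the original string.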

The latest Avalanche iteration also resolves multiple stack-based buffer overflow bugs that are collectively tracked as CVE-2023-32560 (CVSS score of 8.8).

The vulnerability resides in Wavelink Avalanche Manager, which uses a fixed-size stack-based buffer when processing certain types of data, explained Tenable, whose researchers discovered the issue.

An unauthenticated, remote attacker can trigger the vulnerability by sending a crafted message to the service, which could lead to service disruption or code execution.


Two other high-severity remote code execution vulnerabilities were patched with the latest Avalanche release, both discovered and reported through ZDI.

The flaws, CVE-2023-32562 and CVE-2023-32564, are the result of a “lack of proper validation of user-supplied data”, allowing an attacker to upload arbitrary files and potentially execute code with System privileges.

All three remaining vulnerabilities – CVE-2023-32561, CVE-2023-32565, and CVE-2023-32566 – are described as authentication bypass flaws in various components of the MDM solution.

Ivanti patched all seven vulnerabilities in Avalanche version, which was released earlier this month. Both Tenable and ZDI, however, released details on these vulnerabilities only this week.

While there’s no mention of any of these issues being exploited in the wild, vulnerabilities in Ivanti products are known to have been targeted in malicious attacks.

Related: Exploitation of Ivanti EPMM Flaw Picking Up as New Vulnerability Is Disclosed

Related: Ivanti Zero-Day Vulnerability Exploited in Attack on Norwegian Government

Related: Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
