Ivanti Avalanche Vulnerabilities: Remote Code Execution Risk

Multiple Vulnerabilities in Ivanti Avalanche


Overview

Multiple vulnerabilities have been discovered in Ivanti Avalanche, a mobile device management system. The most severe of these vulnerabilities could allow for remote code execution. Depending on the privileges associated with the system, successful exploitation could enable an attacker to install programs or to view, change, or delete data (Ivanti Forums).

Key Details

  1. Vulnerabilities:

    • CVE-2024-38652: Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion.

    • CVE-2024-38653: Allows for remote code execution.

    • CVE-2024-36136: Allows for remote code execution.

    • CVE-2024-37399: Allows for remote code execution.

    • CVE-2024-37373: Allows for remote code execution.

  2. Impact:

    • Successful exploitation could allow an attacker to take control of the system, install programs, and view, change, or delete data (Ivanti Forums).

  3. Mitigation:

    • Ivanti has released an update for Ivanti Avalanche, version 6.4.4, which addresses these high-severity vulnerabilities. Users are advised to update their systems to this version to mitigate the risks (Ivanti Forums).

Additional Information

  • Ivanti Virtual Traffic Manager (vTM): A critical authentication bypass vulnerability was also discovered in Ivanti's vTM appliances, allowing attackers to create rogue administrator accounts. Ivanti has released patches to address this issue (BleepingComputer).

Conclusion

It is crucial for organizations using Ivanti Avalanche and other Ivanti products to promptly apply the available updates to protect against these vulnerabilities. Regularly updating and patching systems is essential to maintain security and prevent unauthorized access and potential damage.
