Indiscriminate, opportunistic targeting.
Ivanti has released details of two stack-based buffer overflow flaws, collectively tracked as CVE-2023-32560 (CVSSv3 score: 9.8), that affect Ivanti Avalanche, its enterprise mobility management (EMM) solution. A buffer overflow is a security flaw in which a programme writes more data into a fixed-size memory block (buffer) than it can hold, so that the excess spills into adjacent memory; at a minimum this leads to programme crashes. A stack-based buffer overflow is one where the overflowed buffer lives on the stack, the memory region that stores a function’s local variables and control data, so the overwritten data can redirect execution and allow malicious code to run.
Successful exploitation of CVE-2023-32560 could allow threat actors to execute arbitrary code on the target systems, leading to the compromise of the integrity and availability of sensitive data.
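The following is an added illustration of the CWE-121 pattern described above, written for this bulletin and not taken from Ivanti’s code or from any public exploit. It uses a constructed, length-prefixed record format (an assumed format, with assumed function names and a 16-byte buffer) to show the unchecked copy into a stack buffer beside the hardened version, which validates every length against both the record and the buffer before copying.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record format for illustration (an assumption, not Ivanti's
 * protocol): one byte declaring the payload length, then that many bytes. */
#define NAME_CAPACITY 16

/* Vulnerable pattern (CWE-121): the declared length is trusted and copied
 * into a fixed-size stack buffer with no comparison against sizeof(name).
 * A record whose length byte exceeds NAME_CAPACITY writes past the end of
 * 'name' into whatever the compiler placed next to it on the stack.
 * Kept only for side-by-side comparison; it is never called with untrusted
 * or oversized input in this file. */
int parse_record_unsafe(const uint8_t *rec, size_t rec_len, char *out, size_t out_cap)
{
    char name[NAME_CAPACITY];
    if (rec == NULL || rec_len < 1) return -1;
    size_t declared = rec[0];
    memcpy(name, rec + 1, declared);          /* unchecked: stack overflow */
    name[declared] = '\0';                    /* also unchecked */
    if (out == NULL || declared >= out_cap) return -1;
    memcpy(out, name, declared + 1);
    return (int)declared;
}

/* Hardened version: every length is validated before any copy.
 * Returns the number of payload bytes accepted, or -1 if the record is
 * truncated or would not fit in the stack buffer or the caller's buffer. */
int parse_record_safe(const uint8_t *rec, size_t rec_len, char *out, size_t out_cap)
{
    char name[NAME_CAPACITY];
    if (rec == NULL || rec_len < 1) return -1;
    size_t declared = rec[0];
    if (declared > rec_len - 1) return -1;    /* would read past the record */
    if (declared >= sizeof name) return -1;   /* would overflow 'name' (room for NUL) */
    memcpy(name, rec + 1, declared);
    name[declared] = '\0';
    if (out == NULL || declared >= out_cap) return -1;
    memcpy(out, name, declared + 1);
    return (int)declared;
}

/* Constructed inputs. The oversized record declares 200 payload bytes, far
 * more than the 16-byte stack buffer can hold; the truncated record declares
 * 5 bytes but carries only 2. Both are rejected by the hardened parser. */
int demo_well_formed(void)
{
    static const uint8_t rec[] = { 5, 'h', 'e', 'l', 'l', 'o' };
    char out[32];
    int n = parse_record_safe(rec, sizeof rec, out, sizeof out);
    return (n == 5 && strcmp(out, "hello") == 0) ? n : -99;
}

int demo_oversized(void)
{
    uint8_t rec[1 + 200];
    rec[0] = 200;
    memset(rec + 1, 'A', 200);
    char out[32];
    return parse_record_safe(rec, sizeof rec, out, sizeof out);   /* -1 */
}

int demo_truncated(void)
{
    static const uint8_t rec[] = { 5, 'h', 'i' };
    char out[32];
    return parse_record_safe(rec, sizeof rec, out, sizeof out);   /* -1 */
}

int main(void)
{
    printf("well-formed: %d\n", demo_well_formed());
    printf("oversized:   %d\n", demo_oversized());
    printf("truncated:   %d\n", demo_truncated());
    return 0;
}
```

The two checks in `parse_record_safe` address different failures: the first prevents an over-read past the end of the received record, the second prevents the stack write that CWE-121 describes. Compiler mitigations such as GCC’s `-fstack-protector-strong` and `_FORTIFY_SOURCE` can turn an overflow into an abort rather than code execution, but they are a backstop; the fix is the explicit bounds check before the copy.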
Ivanti has released a security update for CVE-2023-32560 covering the affected product versions. As such, versions prior to the update remain vulnerable to potential exploitation.
WLAvalancheService.exe version 188.8.131.52 and prior.
Containment, Mitigations & Remediations
It is strongly recommended that Ivanti Avalanche users apply the version 6.4.1 security update as soon as possible.
Indicators of Compromise
No specific Indicators of Compromise (IoCs) are available currently.
Ivanti holds a significant share of the mobile-device-management market. Given that threat actors generally weigh likelihood of success against asset value when deciding which attack surfaces to focus on, these products will likely emerge as a prime target. Because Ivanti products have become integral to business operations, threat actors will continue to exploit the associated vulnerabilities in attempts to exfiltrate the sensitive data they hold.
The disclosure of CVE-2023-32560 has emerged following another recently discovered critical Ivanti MobileIron Core vulnerability with a CVSSv3 score of 10.0 (CVE-2023-35078). Due to the severity of these vulnerabilities, as well as the fact that they can be chained with others to form dangerous exploits, it is highly likely that threat actors will attempt to target these vulnerabilities to achieve their objectives. As such, it is crucial that users of the affected product version apply the relevant security updates as a matter of urgency.
Please see the related Quorum Cyber Threat Intelligence bulletin for further details.
No attribution to specific threat actors or groups has been identified at the time of writing.
Common Weakness Enumeration:
CWE-121 – Stack-based Buffer Overflow