
WARNING: 13 CRITICAL VULNERABILITIES IN AVALANCHE ENTERPRISE MOBILE DEVICE MANAGEMENT SOLUTION, PATCH IMMEDIATELY!

Reference: Advisory #2023-153
Version: 1.0
Affected software: Avalanche Enterprise Mobile Device Management Solution
Type: Remote Code Execution (RCE)
CVE/CVSS: CVE-2023-41727: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Sources

https://forums.ivanti.com/s/article/Avalanche-6-4-2-Security-Hardening-and-CVEs-addressed?language=en_US

Risks

There are 13 critical vulnerabilities in the Avalanche enterprise mobile device management (MDM) solution. Unauthenticated attackers can exploit these vulnerabilities in low-complexity attacks that require no user interaction to gain remote code execution (RCE) on unpatched systems. The impact on Confidentiality, Integrity and Availability is high.

Description

The security flaws are caused by stack- or heap-based buffer overflow weaknesses in WLAvalancheService. An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption, which could result in a Denial of Service (DoS) or code execution.

CISA has warned about MDM systems in the past: "Mobile device management (MDM) systems are attractive targets for threat actors because they provide elevated access to thousands of mobile devices, and APT actors have exploited a previous MobileIron vulnerability".

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

To address these vulnerabilities, it is highly recommended to download the Avalanche installer and update to Avalanche 6.4.2 or higher.
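The fixed release named above (6.4.2) is the only fact an inventory check needs. The following script is an added example, not part of the CCB advisory or of Ivanti's tooling; it assumes the installed version is available to you as a dotted string such as "6.4.1" (how you collect that string from each Mobile Device Server is outside the example), and the host names and versions in the sample inventory are constructed.

```python
"""Triage an Avalanche inventory against the fixed release named in the advisory.

Added example (not CCB or Ivanti code). Assumes versions are dotted strings
such as "6.4.1"; the exact format shown by the Avalanche console is an
assumption here.
"""
from typing import Dict, Tuple

# Fixed release from the advisory: Avalanche 6.4.2 or higher addresses the flaws.
FIXED_VERSION = "6.4.2"


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn "6.4.1" (or "6.4", "6.4.2.123") into a tuple of integers.

    Non-numeric parts such as "6.4.2-rc1" are rejected so that a typo or an
    unexpected build label is reported instead of being silently compared.
    """
    parts = version.strip().split(".")
    if not parts or any(not p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> bool:
    """Return True when `version` is older than the fixed release.

    Missing trailing components are treated as 0, so "6.4" sorts below
    "6.4.2" while "6.4.2.100" does not.
    """
    installed = parse_version(version)
    target = parse_version(fixed)
    width = max(len(installed), len(target))
    padded_installed = installed + (0,) * (width - len(installed))
    padded_target = target + (0,) * (width - len(target))
    return padded_installed < padded_target


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host to 'patch', 'ok', or 'unknown' (unparseable version).

    `inventory` is {hostname: version_string}.
    """
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "patch" if is_vulnerable(version) else "ok"
        except ValueError:
            result[host] = "unknown"
    return result


if __name__ == "__main__":
    # Constructed sample inventory; host names and versions are made up.
    sample = {
        "mdm-01.example.internal": "6.4.1",
        "mdm-02.example.internal": "6.4.2",
        "mdm-03.example.internal": "6.3.4",
        "mdm-04.example.internal": "6.4.2.100",
        "mdm-05.example.internal": "unknown",
    }
    for host, verdict in triage(sample).items():
        print(f"{host}: {verdict}")
```

Hosts reported as "unknown" deserve a manual look rather than being dropped: a version string the script cannot parse is exactly the kind of host that falls through automated patch tracking.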

Monitor/Detect

The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
 
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

https://www.bleepingcomputer.com/news/security/ivanti-releases-patches-for-13-critical-avalanche-rce-flaws/

https://www.bleepingcomputer.com/news/security/cisa-issues-new-warning-on-actively-exploited-ivanti-mobileiron-bugs/