WARNING: 13 CRITICAL VULNERABILITIES IN AVALANCHE ENTERPRISE MOBILE DEVICE MANAGEMENT SOLUTION, PATCH IMMEDIATELY!
CVE-2023-41727 : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Sources
Risks
There are 13 critical vulnerabilities in the Avalanche enterprise mobile device management (MDM) solution. Unauthenticated attackers can exploit these vulnerabilities in low-complexity attacks that don't require user interaction to gain remote code execution (RCE) on unpatched systems. The impact on Confidentiality, Integrity and Availability is high.
Description
The security flaws are stack- or heap-based buffer overflow weaknesses in WLAvalancheService. An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption, which can result in a Denial of Service (DoS) or code execution.
CISA has previously warned about MDM systems: "Mobile device management (MDM) systems are attractive targets for threat actors because they provide elevated access to thousands of mobile devices, and APT actors have exploited a previous MobileIron vulnerability".
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
To address the security vulnerabilities, download the Avalanche installer and update to Avalanche 6.4.2 or higher.
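A small inventory check for the "update to Avalanche 6.4.2 or higher" step above, written for this advisory as an added example (not CCB or vendor code); it assumes you can export hostname and Avalanche version pairs from your own asset inventory, and the hosts listed in it are constructed.

```python
"""Flag Avalanche installs still below the fixed version named in the advisory."""
from __future__ import annotations

import re
from typing import Iterable

FIXED_VERSION = (6, 4, 2)   # advisory: "update to Avalanche 6.4.2 or higher"


def parse_version(text: str) -> tuple[int, ...]:
    """Turn a dotted version such as '6.4.10' into a tuple of ints.

    Numeric tuple comparison avoids the string-compare mistake where
    '6.4.10' sorts before '6.4.2'. A trailing suffix such as a build tag
    is ignored; a string with no leading number raises ValueError.
    """
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_vulnerable(version: str) -> bool:
    """True if the reported version predates the fix and needs patching.

    Python compares tuples element by element and treats a shorter prefix
    as smaller, so (6, 4) < (6, 4, 2) just as 6.4.0 predates 6.4.2.
    """
    return parse_version(version) < FIXED_VERSION


def hosts_needing_patch(inventory: Iterable[tuple[str, str]]) -> list[str]:
    """Return the hostnames whose Avalanche version is below the fix."""
    return [host for host, ver in inventory if is_vulnerable(ver)]


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("mdm-01.example.internal", "6.3.4"),
    ("mdm-02.example.internal", "6.4.2"),
    ("mdm-03.example.internal", "6.4.10"),
    ("mdm-04.example.internal", "6.4.1 build 1234"),
]

if __name__ == "__main__":
    fixed = ".".join(map(str, FIXED_VERSION))
    for host in hosts_needing_patch(SAMPLE_INVENTORY):
        print(f"{host}: below {fixed}, patch required")
```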
Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
While patching appliances or software to the newest version may protect against future exploitation, it does not remediate a historic compromise.