Warning: Unauthenticated RCE In Ivanti Avalanche
CVE-2023-32560: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
An unauthenticated remote attacker can trigger a Denial of Service (DoS) and/or execute arbitrary code remotely, possibly leading to a compromise of system/data integrity, confidentiality, and/or availability.
Ivanti Avalanche, formerly known as Wavelink Avalanche, is an enterprise mobility management (EMM) solution. An unauthenticated attacker can send a specially crafted message to the Ivanti Avalanche Manager, which could result in service disruption or arbitrary code execution.
Ivanti Avalanche v6.4.1 also contains patches for several other authentication bypass and/or RCE vulnerabilities.
The Centre for Cybersecurity Belgium strongly recommends that system administrators take the following actions in order to mitigate the impact of this vulnerability in the most efficient way.
Please upgrade to the vendor's recommended version (or higher) after thorough testing and keep an eye out for future security bulletins.
- Avalanche 6.4.1 and later releases
The CCB recommends that organizations scale up their monitoring and detection capabilities and detect any related suspicious activity, ensuring a fast response in case of an intrusion.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise. When applying patches to systems that have been vulnerable to an RCE exploit, a proactive threat assessment should be performed to verify no exploitation occurred prior to patching.
Original researcher's report: https://www.tenable.com/security/research/tra-2023-27