Security updates have been issued by Ivanti to address 27 issues impacting its Avalanche mobile device management solution, according to BleepingComputer.
Most severe of the remediated vulnerabilities are two critical heap overflow bugs within the solution's WLInfoRailService and WLAvalancheService components, tracked as CVE-2024-24996 and CVE-2024-29204, which could be exploited to facilitate arbitrary command execution without any user interaction.
On the other hand, the rest of the high- and medium-severity flaws could be leveraged to enable arbitrary command execution, sensitive data access, remote code execution attacks, and denial-of-service intrusions, said Ivanti, which urged immediate upgrades to the latest Avalanche 6.4.3 release even though there has been no evidence suggesting any active exploitation of the fixed security issues.
Such an advisory comes four months after more than a dozen critical RCE flaws impacting Avalanche MDM were fixed by Ivanti. MDM system vulnerabilities were noted by the Cybersecurity and Infrastructure Security Agency to be commonly exploited in cyberattacks due to the extensive device access they provide.
