Thousands of organizations potentially impacted by critical Ivanti Avalanche flaws

Attacks leveraging various critical security vulnerabilities in the Ivanti Avalanche enterprise mobile device management system could compromise 30,000 organizations, reports The Hacker News. Ivanti Avalanche WLAvanacheServer.exe v6.4.0.0 is being impacted by the stack-based buffer overflow security flaws, collectively designated CVE-2023-32560, which stem from the processing of certain data and could be leveraged to execute code or disrupt systems, according to Tenable, which identified and reported the bugs in April. Ivanti has already addressed the vulnerabilities with the release of Avalanche version 6.4.1, which also included fixes for six other vulnerabilities, which have been tracked from CVE-2023-32561 to CVE-2023-32566. Threat actors could exploit the other security flaws to facilitate authentication bypass and remote code execution, according to Ivanti. Organizations and individual users have been urged to immediately apply updates remediating the security issues amid the recent discovery of vulnerabilities affecting other Ivanti software products.