Vulnerability Details CVE-2023-32560
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution.
Thanks to a Researcher at Tenable for finding and reporting.
Fixed in version 6.4.1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.919
EPSS Ranking 99.7%
CVSS Severity
CVSS v3 Score 8.8
References
- http://packetstormsecurity.com/files/174459/Ivanti-Avalance-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/174698/Ivanti-Avalanche-MDM-Buffer-Overflow.html
- https://forums.ivanti.com/s/article/Avalanche-Vulnerabilities-Addressed-in-6-4-1?language=en_US
- http://packetstormsecurity.com/files/174459/Ivanti-Avalance-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/174698/Ivanti-Avalanche-MDM-Buffer-Overflow.html
- https://forums.ivanti.com/s/article/Avalanche-Vulnerabilities-Addressed-in-6-4-1?language=en_US
Products affected by CVE-2023-32560
-
cpe:2.3:a:ivanti:avalanche:-
-
cpe:2.3:a:ivanti:avalanche:4.6
-
cpe:2.3:a:ivanti:avalanche:5.3
-
cpe:2.3:a:ivanti:avalanche:5.3.1
-
cpe:2.3:a:ivanti:avalanche:6.0
-
cpe:2.3:a:ivanti:avalanche:6.1
-
cpe:2.3:a:ivanti:avalanche:6.1.103.53
-
cpe:2.3:a:ivanti:avalanche:6.1.106.337
-
cpe:2.3:a:ivanti:avalanche:6.1.106.496
-
cpe:2.3:a:ivanti:avalanche:6.2
-
cpe:2.3:a:ivanti:avalanche:6.2.0
-
cpe:2.3:a:ivanti:avalanche:6.2.0.602
-
cpe:2.3:a:ivanti:avalanche:6.2.2
-
cpe:2.3:a:ivanti:avalanche:6.2.2.197
-
cpe:2.3:a:ivanti:avalanche:6.3.1
-
cpe:2.3:a:ivanti:avalanche:6.3.1.1507
-
cpe:2.3:a:ivanti:avalanche:6.3.2
-
cpe:2.3:a:ivanti:avalanche:6.3.2.3490
-
cpe:2.3:a:ivanti:avalanche:6.3.3
-
cpe:2.3:a:ivanti:avalanche:6.3.3.101
-
cpe:2.3:a:ivanti:avalanche:6.3.4
-
cpe:2.3:a:ivanti:avalanche:6.3.4.153
-
cpe:2.3:a:ivanti:avalanche:6.4.0