Ivanti has released security updates to address 27 vulnerabilities in its Avalanche mobile device management (MDM) solution, two of them critical heap overflows that can be exploited for remote command execution.
Avalanche is used by enterprise admins to remotely manage, deploy software, and schedule updates across large fleets of over 100,000 mobile devices from a single central location.
As the company explained on Wednesday, the two critical security flaws (CVE-2024-24996 and CVE-2024-29204) were found in Avalanche's WLInfoRailService and WLAvalancheService components.
Both are caused by heap-based buffer overflow weaknesses, which can let unauthenticated remote attackers execute arbitrary commands on vulnerable systems in low-complexity attacks that don't require user interaction.
Ivanti also patched 25 medium and high-severity bugs that remote attackers could exploit to trigger denial-of-service attacks, execute arbitrary commands as SYSTEM, read sensitive information from memory, and carry out remote code execution attacks.
“We
…