Ivanti releases patches for 13 critical Avalanche RCE flaws


In order to address 13 serious security flaws in its Avalanche business mobile device management (MDM) system, Ivanti has published security upgrades. Administrators may distribute software, plan upgrades, and oversee more than 100,000 mobile devices using Avalanche from a single, central location via the Internet.

These security holes stem from heap-based buffer overflow vulnerabilities or WLAvalancheService stack, as Ivanti clarified on Wednesday. Tenable security researchers and Trend Micro’s Zero Day Initiative have reported these vulnerabilities. They can be used by unauthenticated attackers in low-complexity attacks to obtain remote code execution on unpatched systems without requiring user input.

Read More…