Ivanti Patches Two Critical Vulnerabilities in Avalanche MDM Solution
April 17, 2024
Ivanti has resolved multiple vulnerabilities in its Avalanche mobile device management (MDM) software, two of which were of critical severity. These critical flaws, tracked as CVE-2024-24996 and CVE-2024-29204, could potentially enable remote command execution. Avalanche MDM is a platform that enables administrators to manage up to 100,000 mobile IT assets, including configuration, deployment, updating, and maintenance, all from a single system.
The two critical vulnerabilities could be exploited by a remote attacker to execute code without any user interaction. Alongside these, Ivanti also addressed numerous medium and high-severity vulnerabilities that could potentially be exploited to initiate denial-of-service conditions, execute arbitrary commands, perform remote code execution attacks, and read sensitive information from memory.
At the time of the disclosure, Ivanti was not aware of any active exploitation of these vulnerabilities in the wild. The company has addressed them by releasing Avalanche 6.4.3. The company's advisory states, “To address the security vulnerabilities listed below, it is highly recommended to download the Avalanche installer and update to the latest Avalanche 6.4.3. The installation will apply a fix for each CVE listed in the table below. These vulnerabilities affect any older versions of Avalanche. You can download the latest Avalanche 6.4.3 release here.”
The vulnerabilities affect all older versions of Avalanche, and users are strongly urged to update their software to the latest release to mitigate these security risks.