Ivanti Patches Two Critical Vulnerabilities in Avalanche MDM Solution

April 17, 2024

Ivanti has resolved multiple vulnerabilities in its Avalanche mobile device management (MDM) software, two of which were of critical severity. These critical flaws, tracked as CVE-2024-24996 and CVE-2024-29204, could enable remote command execution. Avalanche MDM is a platform that lets administrators manage up to 100,000 mobile IT assets, including configuration, deployment, updating, and maintenance, all from a single system.

The two critical vulnerabilities could be exploited by a remote attacker to execute code without any user interaction. Alongside these, Ivanti also addressed numerous medium- and high-severity vulnerabilities that could be exploited to cause denial-of-service conditions, execute arbitrary commands, perform remote code execution attacks, and read sensitive information from memory.

At the time of the disclosure, Ivanti was not aware of any active exploitation of these vulnerabilities in the wild. The company has responded by releasing Avalanche 6.4.3. Its advisory states, “To address the security vulnerabilities listed below, it is highly recommended to download the Avalanche installer and update to the latest Avalanche 6.4.3. The installation will apply a fix for each CVE listed in the table below. These vulnerabilities affect any older versions of Avalanche. You can download the latest Avalanche 6.4.3 release here.”

Because the vulnerabilities affect all older versions of Avalanche, users are strongly urged to update to the latest release to mitigate these security risks.
