image credit: Rawpixel

Ivanti Avalanche vulnerable to attack by unauthenticated, remote attackers (CVE-2023-32560)

August 16, 2023

A buffer overflow arises when the data in a buffer surpasses its storage capacity. This surplus data spills into nearby memory locations, causing corruption or overwriting of such data.

About CVE-2023-32560

CVE-2023-32560 could allow a threat actor to send a specially designed message to the Wavelink Avalanche Manager, potentially causing service disruption or the execution of arbitrary code.

The vulnerability affects WLAvanacheServer.exe v6.4.0.0 and older and has been reported by Tenable researchers in April 2023. They also shared a PoC exploit with Ivanti, and have released additional technical information on August 14.

Read More on Help Net Security