Ivanti Patches Multiple Vulnerabilities Impacting Avalanche Mobile Device Management Solution (CVE-2024-24996 & CVE-2024-29204)

Ivanti released a security advisory to address 27 medium, high, and critical severity vulnerabilities in its mobile device management solution Avalanche. CVE-2024-24996 and CVE-2024-29204 are the two vulnerabilities that have been given critical severity ratings. Successful exploitation of the vulnerabilities may allow remote attackers to trigger denial-of-service attacks, execute arbitrary commands as SYSTEM, read sensitive … Continue reading “Ivanti Patches Multiple Vulnerabilities Impacting Avalanche Mobile Device Management Solution (CVE-2024-24996 & CVE-2024-29204)”

Ivanti Avalanche Directory Traversal Vulnerability (CVE-2023-41474)

Ivanti Avalanche, a popular mobile device management system, is vulnerable to a¬†limited unauthenticated path traversal vulnerability, tracked as CVE-2023-41474. The vulnerability may allow an unauthenticated attacker to access any file under C:\\PROGRAM DATA\\Wavelink\\AVALANCHE\\Web\ webapps\AvalancheWeb in a default configuration. However, an attacker can only read some specific file extensions like .xml or .html, depending on the … Continue reading “Ivanti Avalanche Directory Traversal Vulnerability (CVE-2023-41474)”