Security Bulletin logo with a close up of a wolf in the background.
Security Bulletin logo with a close up of a wolf in the background.

CVE-2023-32560: Critical Remote Code Execution Vulnerabilities in Ivanti Avalanche

On 14 August 2023, cybersecurity company Tenable released a research advisory detailing two stack-based buffer overflow vulnerabilities, collectively tracked as CVE-2023-32560, impacting Ivanti Avalanche products version 6.4.0 and older. Find Arctic Wolf’s recommendations.
Security Bulletin logo with a close up of a wolf in the background.
6 min read

On 14 August 2023, cybersecurity company Tenable released a research advisory detailing two stack-based buffer overflow vulnerabilities, collectively tracked as CVE-2023-32560, impacting Ivanti Avalanche products version 6.4.0 and older. A threat actor could remotely exploit the vulnerabilities without user authentication by specifying long data type items to overflow the buffer. 

This CVE was discovered and responsibly disclosed to Ivanti by security researchers at Tenable. At this point in time, no exploitation has been observed in the wild. However, as demonstrated in CISA’s Known Exploited Vulnerabilities Catalog, threat actors have exploited Ivanti vulnerabilities in the past. Due to the severity of CVE-2023-32560 and the fact that vulnerabilities impacting Ivanti products have been weaponised by threat actors, Arctic Wolf strongly recommends upgrading to the latest available patch on all affected devices. 

Recommendation for CVE-2023-32560: Apply the Latest Patch Released by Ivanti 

Product  Impacted Versions  Patched Version 
Ivanti Avalanche  6.4.0 and older  6.4.1.207 or later 

 

Ivanti has addressed these vulnerabilities in Ivanti Avalanche 6.4.1.207. Arctic Wolf strongly recommends reviewing Ivanti’s security advisory to access and apply the patch. Customer login is required. 

Please follow your organisation’s patching and testing guidelines to avoid any operational impact. 

References 

Share this post: