On April 16, 2024, Ivanti disclosed two critical vulnerabilities within its Avalanche Mobile Device Management (MDM) solution. These vulnerabilities, identified as CVE-2024-29204 and CVE-2024-24996, are heap overflow issues in the WLInfoRailService and WLAvalancheService components, respectively. Both vulnerabilities have been assigned a CVSS score of 9.8, indicating their critical nature due to the potential for unauthenticated Remote Code Execution (RCE) in low-complexity attacks.
Arctic Wolf has not observed publicly available proof of concept (PoC) exploits published for these vulnerabilities and Ivanti has stated no active exploitation has occurred. However, based on the historical targeting of recent vulnerabilities in Ivanti products including CVE-2024-21887, and CVE-2023-46805, and the severity of these vulnerabilities, threat actors will likely develop a working PoC exploit and attempt exploitation of this vulnerability in the near term.
Recommendations for CVE-2024-29204, CVE-2024-24996
Upgrade To a Fixed Version of Ivanti Avalanche
Arctic Wolf strongly recommends upgrading to the fixed version of Ivanti Avalanche to mitigate the risks associated with CVE-2024-29204 and CVE-2024-24996.
| Affected Product | Affected Versions | Fixed Version |
| Ivanti Avalanche | Before 6.4.3 | 6.4.3 |
Please follow your organisation’s patching and testing guidelines to avoid any operational impact.
References
