Arctic Wolf Security Bulletin

< BACK TO BLOG

CVE-2023-41727, CVE-2023-46220, CVE-2023-46261, and More: Multiple Critical Vulnerabilities Patched in Ivanti Avalanche

Share :

On December 20, 2023, Ivanti announced that 20 vulnerabilities in Ivanti Avalanche On-Prem were patched in the product’s latest update. Arctic Wolf has highlighted 13 of these vulnerabilities in this bulletin that were rated as critical severity and could lead to remote code execution (RCE) or Denial of Service (DoS). 

CVE-ID    Vulnerability Type  CVSS Score  
CVE-2023-41727  Unauthenticated Buffer Overflow  9.8 – Critical 
CVE-2023-46216  Unauthenticated Buffer Overflow  9.8 – Critical 
CVE-2023-46217      Unauthenticated Buffer Overflow  9.8 – Critical 
CVE-2023-46220  Stack-based Buffer Overflow RCE  9.8 – Critical 
CVE-2023-46221  Stack-based Buffer Overflow RCE  9.8 – Critical 
CVE-2023-46222  Stack-based Buffer Overflow RCE  9.8 – Critical 
CVE-2023-46223  Stack-based Buffer Overflow RCE  9.8 – Critical 
CVE-2023-46224  Stack-based Buffer Overflow RCE  9.8 – Critical 
CVE-2023-46225  Stack-based Buffer Overflow RCE  9.8 – Critical 
CVE-2023-46257  Stack-based Buffer Overflow RCE  9.8 – Critical 
CVE-2023-46258  Stack-based Buffer Overflow RCE  9.8 – Critical 
CVE-2023-46259  Stack-based Buffer Overflow RCE  9.8 – Critical 
CVE-2023-46261  Heap-based Buffer Overflow RCE  9.8 – Critical 

 

These vulnerabilities were discovered by researchers at Tenable and Trend Micro’s Zero Day Initiative and responsibly disclosed to Ivanti. At this time, there have been no public proof of concept (PoC) exploit code published or active exploitation for these vulnerabilities observed in the wild. However, given the past history of Ivanti products being targeted by threat actors (as evidenced by CISA’s known exploited vulnerabilities catalog and AW Labs security bulletin), we expect that threat actors are likely to attempt exploitation in the near term of one or more of the vulnerabilities described in this bulletin.  

Recommendation for CVE-2023-41727, CVE-2023-46220, CVE-2023-46261

Upgrade Ivanti Avalanche to Fixed Version

Arctic Wolf strongly recommends upgrading Ivanti Avalanche to the latest fixed version. 

Product  Affected Version(s)  Fixed Version 
Ivanti Avalanche 
  • All supported versions of the products (Avalanche versions 6.3.1 and above) 
  • Older versions/releases are also at risk. 
 6.4.2 

 

Please follow your organization’s patching and testing guidelines to avoid operational impact. 

References 

  1. Ivanti announcement
  2. Ivanti article 
  3. Ivanti Avalanche 6.4.2 Release notes 
Picture of Andres Ramos

Andres Ramos

Andres Ramos is a Threat Intelligence Researcher at Arctic Wolf with a strong background in tracking emerging threats and producing actionable intelligence for both technical and non-technical stakeholders. He has a diverse background encompassing various domains of cyber security, holds a degree in Cybersecurity Engineering, and is a CISSP.
Share :
Table of Contents
Categories
Subscribe to our Monthly Newsletter

Continue Reading