CVE-2024-29204, CVE-2024-24996: Critical Vulnerabilities in Ivanti Avalanche

Share :

On April 16, 2024, Ivanti disclosed two critical vulnerabilities within its Avalanche Mobile Device Management (MDM) solution. These vulnerabilities, identified as CVE-2024-29204 and CVE-2024-24996, are heap overflow issues in the WLInfoRailService and WLAvalancheService components, respectively. Both vulnerabilities have been assigned a CVSS score of 9.8, indicating their critical nature due to the potential for unauthenticated Remote Code Execution (RCE) in low-complexity attacks. 

Arctic Wolf has not observed publicly available proof of concept (PoC) exploits published for these vulnerabilities and Ivanti has stated no active exploitation has occurred. However, based on the historical targeting of recent vulnerabilities in Ivanti products including CVE-2024-21887, and CVE-2023-46805, and the severity of these vulnerabilities, threat actors will likely develop a working PoC exploit and attempt exploitation of this vulnerability in the near term. 

Recommendations for CVE-2024-29204, CVE-2024-24996

Upgrade To a Fixed Version of Ivanti Avalanche 

Arctic Wolf strongly recommends upgrading to the fixed version of Ivanti Avalanche to mitigate the risks associated with CVE-2024-29204 and CVE-2024-24996. 

Affected Product  Affected Versions  Fixed Version 
Ivanti Avalanche  Before 6.4.3  6.4.3 

Please follow your organization’s patching and testing guidelines to avoid any operational impact. 



Picture of Andres Ramos

Andres Ramos

Andres Ramos is a Threat Intelligence Researcher at Arctic Wolf with a strong background in tracking emerging threats and producing actionable intelligence for both technical and non-technical stakeholders. He has a diverse background encompassing various domains of cyber security, holds a degree in Cybersecurity Engineering, and is a CISSP.
Share :
Table of Contents
Subscribe to our Monthly Newsletter