PT-2023-23873 · Ivanti · Ivanti Avalanche
Published: 2023-08-10 · Updated: 2025-03-10
CVE-2023-32560
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Ivanti Avalanche versions 6.4.0.0 and earlier
Description
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. The issue is related to two stack-based buffer overflows in Ivanti Avalanche WLAvanacheServer.exe. These buffer overflows can be exploited remotely without user authentication.
Recommendations
For Ivanti Avalanche versions 6.4.0.0 and earlier, update to version 6.4.1 to fix the issue. As a temporary workaround, consider restricting access to the vulnerable WLAvanacheServer.exe to minimize the risk of exploitation.
Exploit
Fix
RCE
Memory Corruption
Related identifiers
Affected products
Ivanti Avalanche