PT-2024-2908 · Ivanti · Ivanti Avalanche

Published: 2024-03-18 · Updated: 2025-05-06 · CVE-2024-27975

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Ivanti Avalanche versions prior to 6.4.3

Description

The issue is a use-after-free vulnerability in the WLAvalancheService component of the Ivanti Avalanche mobile device management system: the component uses memory after it has been freed. Exploitation of this issue may allow a remote attacker to execute arbitrary commands with SYSTEM privileges.

Recommendations

For versions prior to 6.4.3, update to version 6.4.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the WLAvalancheService component to minimize the risk of exploitation.

Fix

Weakness Enumeration

Use After Free

Related Identifiers

BDU:2024-03073
CVE-2024-27975
ZDI-24-391

Affected Products

Ivanti Avalanche