CRITICAL🇵🇱 Wersja polska

CVE-2023-46217

CVSS 9.8v3.1pub. 2023-12-19upd. 2024-11-21

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

🤖 AI Analysis
How it works

An attacker sends specially crafted data packets to the Mobile Device Server. Improper processing of these packets leads to memory corruption (memory corruption) as a result of writing outside the allocated buffer (out-of-bounds write). The consequence may be both destabilization of the server process and takeover of control over the application execution flow.

Impact

An attacker can remotely execute arbitrary code on the server (RCE) or cause its unavailability (DoS). In case of successful RCE, complete takeover of the vulnerable system is possible.

Mitigation & patch

Ivanti Avalanche should be updated to version 6.4.2 or newer, in which the vulnerability has been fixed. Detailed instructions are available in the official release notes from the manufacturer at the address provided in the references.

Who is affected

Ivanti Avalanche in versions earlier than 6.4.2, running on Microsoft Windows platform. Details in the release notes for version 6.4.2.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ivanti Avalanche

    APP
    Ivanti
    < 6.4.2
  • Microsoft Windows

    OS
    Microsoft
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDoS
CWE
References

Related vulnerabilities

CVE-2026-8398CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-34028CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP

CVE-2024-7262CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Path Traversal w Kingsoft WPS Office — ładowanie dowolnej biblioteki Windows

CVE-2024-4577CRITICAL9.8⚠ KEVPL ✓ten sam produkt

PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit