Ivanti’s enterprise mobile device management (MDM) product, Avalanche, now has patches for seven critical and high-severity vulnerabilities. The most serious flaw is CVE-2023-32563, a directory traversal bug that can be used to remotely execute arbitrary code (CVSS score: 9.8).
The problem, which can be exploited without authentication, was discovered by security researchers working through Trend Micro’s ZDI and is present in the MDM solution’s ‘updateSkin’ method. “The problem arises from improper user-supplied path validation before use in file operations.”
According to ZDI’s advisory, an attacker can use this vulnerability to execute code in the context of System.