Ivanti Patches Two Critical Avalanche Flaws in Major Update
Ivanti Patches Two Critical Avalanche Flaws in Major Update
www.infosecurity-magazine.com Ivanti Patches Two Critical Avalanche Flaws in Major Update
Ivanti has fixed two critical vulnerabilities in its Avalanche MDM product which could lead to remote code execution
CVE-2024-24996 is described as a heap overflow in the WLInfoRailService component of the product, while CVE-2024-29204 is a heap overflow bug in the WLAvalancheService component. Both could allow a remote unauthenticated attacker to execute arbitrary commands, which is why they have been given a CVSS score of 9.8.
1 comments
If anyone is still using it, anyways....