Ivanti has issued patches for seven critical- and high-severity vulnerabilities in its enterprise mobile device management (MDM) solution, Avalanche. The most severe vulnerability, CVE-2023-32563, is a directory traversal flaw that could allow remote code execution. Additionally, multiple stack-based buffer overflow bugs (CVE-2023-32560) and other high-severity remote code execution vulnerabilities (CVE-2023-32562 and CVE-2023-32564) were also patched. The release of these patches follows the discovery and reporting of the vulnerabilities by security researchers. While there have been no reports of these vulnerabilities being exploited in the wild, vulnerabilities in Ivanti products have been targeted in the past by malicious attacks.

Read more: https://www.securityweek.com/ivanti-patches-critical-vulnerability-in-avalanche-enterprise-mdm-solution/