Serious safety lapse triggers Avalanche in Ivanti, putting 30,000 organizations at risk – HacksByte

Several serious security flaws have been reported in Ivanti Avalanche, an enterprise mobile device management solution used by 30,000 organizations.

The vulnerabilities, which are collectively tracked as CVE-2023-32560 (CVSS score: 9.8), are stack-based buffer overflows in Ivanti Avalanche WLAvanacheServer.exe v6.4.0.0.

Cyber security company Tenable said the flaws were the result of buffer overflows that could arise as a result of processing specific data types.

It states that an unauthenticated remote attacker can specify a long hex string or long type 9 item to cause the buffer to overflow.

Both issues can be successfully exploited by a remote adversary to obtain code execution or a system crash.

Stack-based buffer overflow vulnerabilities occur when the buffer being overwritten is in the stack, creating a scenario where program execution can be altered to run arbitrary code with elevated privileges.
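The missing length check behind this class of bug, shown as an added example (not Ivanti's code and not taken from the Tenable advisory): a hex-string decoder that refuses input whose decoded size exceeds the fixed stack buffer it is written into. The function names and the 64-byte buffer size are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ITEM_BUF_SIZE 64 /* constructed size of the fixed stack buffer */

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode hex_len hex characters into out (capacity out_cap bytes).
 * Returns the number of bytes written, or -1 if the input is rejected.
 * The capacity check runs before any write; a decoder without it keeps
 * writing past the end of out when the sender controls hex_len. */
long decode_hex_bounded(const char *hex, size_t hex_len,
                        unsigned char *out, size_t out_cap)
{
    if (hex_len % 2 != 0) return -1;        /* incomplete byte */
    if (hex_len / 2 > out_cap) return -1;   /* would overflow out */
    for (size_t i = 0; i < hex_len; i += 2) {
        int hi = hex_val(hex[i]);
        int lo = hex_val(hex[i + 1]);
        if (hi < 0 || lo < 0) return -1;    /* non-hex input */
        out[i / 2] = (unsigned char)((hi << 4) | lo);
    }
    return (long)(hex_len / 2);
}

/* Hypothetical message handler that decodes into a stack buffer. */
long handle_hex_item(const char *hex)
{
    unsigned char buf[ITEM_BUF_SIZE];
    return decode_hex_bounded(hex, strlen(hex), buf, sizeof buf);
}

int main(void)
{
    char big[4 * ITEM_BUF_SIZE + 1];        /* constructed overlong input */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("short item: %ld\n", handle_hex_item("41424344"));
    printf("overlong item: %ld\n", handle_hex_item(big));
    return 0;
}
```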

After the issue was disclosed in April 2023, Ivanti released Avalanche version 6.4.1 to address it.

The update also addresses six other vulnerabilities (CVE-2023-32561 to CVE-2023-32566) that could lead to authentication bypass and remote code execution.

Security vulnerabilities in Ivanti software have been actively discovered in recent weeks, so it is imperative that users move quickly to implement fixes to mitigate potential threats.
