all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Ivanti Avalanche MDM Buffer Overflow

Add to bookmarks
Sept. 18, 2023, 1:47 p.m. |

Packet Storm packetstormsecurity.com

This Metasploit module exploits a buffer overflow condition in Ivanti Avalanche MDM versions prior to 6.4.1. An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in arbitrary code execution with the NT/AUTHORITY SYSTEM permissions. This vulnerability occurs during the processing of 3/5/8/100/101/102 item data types. The program tries to copy the item data using qmemcopy to a fixed size data buffer on stack. Upon successful exploitation the attacker gains full access to the …

arbitrary code attacker authority avalanche buffer buffer overflow code code execution data exploits ivanti ivanti avalanche manager mdm message metasploit overflow permissions program result send system types vulnerability

Visit resource

More from packetstormsecurity.com / Packet Storm

AIDE 0.18.7 1 day, 20 hours ago | packetstormsecurity.com
advanced aide algorithms can +17
Systemd Insecure PTY Handling 1 day, 20 hours ago | packetstormsecurity.com
changing handling high insecure +5
Microsoft PlayReady Toolkit 1 day, 20 hours ago | packetstormsecurity.com
access acquisition client code +19
Docker Privileged Container Kernel Escape 1 day, 20 hours ago | packetstormsecurity.com
can container container escape daemon +9
Gentoo Linux Security Advisory 202405-16 1 day, 20 hours ago | packetstormsecurity.com
advisory apache apache commons can +11
Gentoo Linux Security Advisory 202405-15 1 day, 20 hours ago | packetstormsecurity.com
advisory can code code execution +12
Gentoo Linux Security Advisory 202405-14 1 day, 20 hours ago | packetstormsecurity.com
advisory code code execution gentoo +7
Gentoo Linux Security Advisory 202405-13 1 day, 20 hours ago | packetstormsecurity.com
advisory can gentoo injection +6
Gentoo Linux Security Advisory 202405-12 1 day, 20 hours ago | packetstormsecurity.com
advisory arbitrary code arbitrary code execution can +8

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Network Security Analyst

@ Wiz | Tel Aviv
View on infosec-jobs.com

Penetration Testing Staff Engineer- Turkey Remote

@ SonicWall | Istanbul, Istanbul, Türkiye
View on infosec-jobs.com

Physical Security Engineer

@ Microsoft | Atlanta, Georgia, United States
View on infosec-jobs.com

Junior Security Consultant (m/w/d)

@ Deutsche Telekom | Berlin, Deutschland
View on infosec-jobs.com

Senior Cybersecurity Product Specialist - Security Endpoint Protection

@ Pacific Gas and Electric Company | San Ramon, CA, US, 94583
View on infosec-jobs.com

Security Engineer, Pre-Sales (PA/NJ)

@ Vectra | US - South New Jersey, US - Pennsylvania
View on infosec-jobs.com
View more jobs