Dec. 18, 2023, 5:39 p.m. | Jimi Sebree

Tenable Research Advisories www.tenable.com

Ivanti Avalanche Multiple Vulnerabilities

Multiple vulnerabilities exist in Ivanti Avalanche v6.4.1 WLAvalancheService.exe.

CVE-2023-41727 - MuProperty type 100 stack-based buffer overflow (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

A message sent to WLAvalancheService.exe on TCP port 1777 has the following structure:

// be = big-endian
struct msg
{
    preamble pre;
    hp hdrpay;
};

struct preamble
{
    be32 MsgSize;     // size of hp + 16
    be32 HdrSize;     // size of hp.hdr
    be32 PayloadSize; // size of hp.payload
    be32 unk;
};

// header + payload
struct hp
{
    MuProperty …
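
A receiver-side consistency check for the preamble fields listed above, as an added example that is not Tenable's or Ivanti's code and does not touch the MuProperty parsing where the overflow occurs. The names `parse_preamble`, `MAX_MSG_SIZE` and the sample byte arrays are hypothetical, and it assumes the size of hp equals HdrSize + PayloadSize.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PREAMBLE_LEN 16u         /* four be32 fields, per the layout above */
#define MAX_MSG_SIZE (1u << 20)  /* assumed policy ceiling, not a product value */

struct preamble { uint32_t msg_size, hdr_size, payload_size, unk; };
enum pre_status { PRE_OK, PRE_SHORT, PRE_BAD_SIZE, PRE_MISMATCH, PRE_TRUNCATED };

static uint32_t rd_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Decode the preamble at buf[0..len) and reject inconsistent length fields. */
enum pre_status parse_preamble(const uint8_t *buf, size_t len, struct preamble *out)
{
    if (len < PREAMBLE_LEN)
        return PRE_SHORT;
    out->msg_size     = rd_be32(buf);
    out->hdr_size     = rd_be32(buf + 4);
    out->payload_size = rd_be32(buf + 8);
    out->unk          = rd_be32(buf + 12);
    /* Bound the total before it drives any allocation or copy. */
    if (out->msg_size < PREAMBLE_LEN || out->msg_size > MAX_MSG_SIZE)
        return PRE_BAD_SIZE;
    /* Assumption: size of hp == HdrSize + PayloadSize. Sum in 64 bits so
       two large fields cannot wrap around to a plausible MsgSize. */
    uint64_t hp = (uint64_t)out->hdr_size + out->payload_size;
    if (hp + PREAMBLE_LEN != out->msg_size)
        return PRE_MISMATCH;
    if (out->msg_size > len)
        return PRE_TRUNCATED;    /* caller has not received the whole message */
    return PRE_OK;
}

/* Constructed samples: a consistent 24-byte message, and a preamble whose
   HdrSize + PayloadSize + 16 equals MsgSize only under 32-bit wraparound. */
static const uint8_t sample_ok[24]   = { 0,0,0,24, 0,0,0,4, 0,0,0,4, 0,0,0,0 };
static const uint8_t sample_wrap[16] = { 0,0,0,24, 0xFF,0xFF,0xFF,0xFF, 0,0,0,9, 0,0,0,0 };

int main(void)
{
    struct preamble p;
    printf("ok=%d wrap=%d\n", parse_preamble(sample_ok, sizeof sample_ok, &p),
           parse_preamble(sample_wrap, sizeof sample_wrap, &p));
    return 0;
}
```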
