Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204)

The newest version of Ivanti Avalanche – the company’s enterprise mobile device management (MDM) solution – carries fixes for 27 vulnerabilities, two of which (CVE-2024-29204, CVE-2024-24996) are critical and may allow a remote unauthenticated attacker to execute arbitrary commands on the underlying Windows system. “We are not aware of any customers being exploited by these vulnerabilities prior to public disclosure,” the company said on Wednesday. CVE-2024-29204 and CVE-2024-24996 Both critical vulnerabilities are heap overflow bugs: … More →

The post …

attacker avalanche aware critical cve cve-2024 device device management don't miss enterprise fixes flaw hot stuff ivanti ivanti avalanche management may mdm message mobile mobile device mobile device management patches remote management simple solution system tenable the company unauthenticated version vulnerabilities vulnerability windows windows system