A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands
The vulnerability is a heap overflow in the WLInfoRailService component, which is part of the Ivanti Avalanche platform. An attacker can send a specially crafted network request without needing any credentials. The heap overflow leads to the possibility of executing arbitrary commands (command injection / RCE) in the context of the vulnerable service.
An attacker can remotely execute arbitrary system commands on a vulnerable server without authentication, which in practice means complete system takeover, data breach, and the ability to perform lateral movement within the network.
Ivanti Avalanche should be updated to version 6.4.3 or later. Detailed information about the patch is available in the vendor's official security notice: https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed
Ivanti Avalanche versions prior to 6.4.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HIvanti Avalanche
APPIvanti< 6.4.3.528
Related vulnerabilities
Buffer overflow w Ivanti Avalanche Manager umożliwiający RCE bez uwierzytelnienia
Path Traversal w Ivanti Avalanche — nieuprawnione usuwanie plików i DoS
Heap overflow w Ivanti Avalanche umożliwia zdalne wykonanie kodu
Heap Overflow w Ivanti Avalanche umożliwia zdalne wykonanie kodu
Ivanti Avalanche — RCE/DoS przez korupcję pamięci w Mobile Device Server