Ivanti Patches Two Critical Avalanche Flaws in Major Update (www.infosecurity-magazine.com)
from kid@sh.itjust.works to cybersecurity@sh.itjust.works on 17 Apr 2024 11:38
https://sh.itjust.works/post/17959431

CVE-2024-24996 is described as a heap overflow in the WLInfoRailService component of the product, while CVE-2024-29204 is a heap overflow bug in the WLAvalancheService component. Both could allow a remote unauthenticated attacker to execute arbitrary commands, which is why they have been given a CVSS score of 9.8.

#cybersecurity

threaded - newest

kid@sh.itjust.works on 17 Apr 2024 11:38 collapse

If anyone is still using it, anyways…