Ivanti Patches Two Critical Avalanche Flaws in Major Update
(www.infosecurity-magazine.com)
from kid@sh.itjust.works to cybersecurity@sh.itjust.works on 17 Apr 2024 11:38
https://sh.itjust.works/post/17959431
from kid@sh.itjust.works to cybersecurity@sh.itjust.works on 17 Apr 2024 11:38
https://sh.itjust.works/post/17959431
CVE-2024-24996 is described as a heap overflow in the WLInfoRailService component of the product, while CVE-2024-29204 is a heap overflow bug in the WLAvalancheService component. Both could allow a remote unauthenticated attacker to execute arbitrary commands, which is why they have been given a CVSS score of 9.8.
threaded - newest
If anyone is still using it, anyways…