/

CVE-2023-46220 Report - Details, Severity, & Advisorie...

CVE-2023-46220 Report - Details, Severity, & Advisories

Twingate Team

Feb 23, 2024

CVE-2023-46220 is a critical vulnerability with a severity rating of 9.8, affecting systems running Ivanti Avalanche software on Microsoft Windows. An attacker can exploit this vulnerability by sending specially crafted data packets to the Mobile Device Server, causing memory corruption that could lead to a Denial of Service (DoS) or code execution. This issue impacts Ivanti Avalanche versions up to, but not including, 6.4.2.

How do I know if I'm affected?

If you're using Ivanti Avalanche software on a Microsoft Windows system, you might be affected by the vulnerability. This issue impacts versions up to, but not including, 6.4.2. To check if you're affected, verify the version of your Ivanti Avalanche software. If it's older than 6.4.2, you could be at risk of memory corruption, leading to a Denial of Service (DoS) or code execution.

What should I do if I'm affected?

If you're affected by the vulnerability, it's important to take action. To protect your system, update your Ivanti Avalanche software to version 6.4.2 or later. This will address the security issue and help prevent potential memory corruption, Denial of Service (DoS), or code execution attacks.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

CVE-2023-46220 is not listed in CISA's Known Exploited Vulnerabilities Catalog. The vulnerability, discovered on December 19, 2023, involves an attacker sending specially crafted data packets to a Mobile Device Server, causing memory corruption that could lead to a Denial of Service (DoS) or code execution.

Weakness enumeration

The vulnerability CVE-2023-46220 is categorized as CWE-787, an Out-of-bounds Write, involving memory corruption and potentially causing Denial of Service or code execution.

For more details

CVE-2023-46220 is a critical vulnerability affecting Ivanti Avalanche software on Microsoft Windows systems. After analyzing various sources, it's clear that updating to version 6.4.2 or later is crucial for mitigating the risk of memory corruption, Denial of Service (DoS), or code execution. For more information about the CVE-2023-46220 vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or the links below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

CVE-2023-46220 Report - Details, Severity, & Advisorie...

CVE-2023-46220 Report - Details, Severity, & Advisories

Twingate Team

Feb 23, 2024

CVE-2023-46220 is a critical vulnerability with a severity rating of 9.8, affecting systems running Ivanti Avalanche software on Microsoft Windows. An attacker can exploit this vulnerability by sending specially crafted data packets to the Mobile Device Server, causing memory corruption that could lead to a Denial of Service (DoS) or code execution. This issue impacts Ivanti Avalanche versions up to, but not including, 6.4.2.

How do I know if I'm affected?

If you're using Ivanti Avalanche software on a Microsoft Windows system, you might be affected by the vulnerability. This issue impacts versions up to, but not including, 6.4.2. To check if you're affected, verify the version of your Ivanti Avalanche software. If it's older than 6.4.2, you could be at risk of memory corruption, leading to a Denial of Service (DoS) or code execution.

What should I do if I'm affected?

If you're affected by the vulnerability, it's important to take action. To protect your system, update your Ivanti Avalanche software to version 6.4.2 or later. This will address the security issue and help prevent potential memory corruption, Denial of Service (DoS), or code execution attacks.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

CVE-2023-46220 is not listed in CISA's Known Exploited Vulnerabilities Catalog. The vulnerability, discovered on December 19, 2023, involves an attacker sending specially crafted data packets to a Mobile Device Server, causing memory corruption that could lead to a Denial of Service (DoS) or code execution.

Weakness enumeration

The vulnerability CVE-2023-46220 is categorized as CWE-787, an Out-of-bounds Write, involving memory corruption and potentially causing Denial of Service or code execution.

For more details

CVE-2023-46220 is a critical vulnerability affecting Ivanti Avalanche software on Microsoft Windows systems. After analyzing various sources, it's clear that updating to version 6.4.2 or later is crucial for mitigating the risk of memory corruption, Denial of Service (DoS), or code execution. For more information about the CVE-2023-46220 vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or the links below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

CVE-2023-46220 Report - Details, Severity, & Advisories

Twingate Team

Feb 23, 2024

CVE-2023-46220 is a critical vulnerability with a severity rating of 9.8, affecting systems running Ivanti Avalanche software on Microsoft Windows. An attacker can exploit this vulnerability by sending specially crafted data packets to the Mobile Device Server, causing memory corruption that could lead to a Denial of Service (DoS) or code execution. This issue impacts Ivanti Avalanche versions up to, but not including, 6.4.2.

How do I know if I'm affected?

If you're using Ivanti Avalanche software on a Microsoft Windows system, you might be affected by the vulnerability. This issue impacts versions up to, but not including, 6.4.2. To check if you're affected, verify the version of your Ivanti Avalanche software. If it's older than 6.4.2, you could be at risk of memory corruption, leading to a Denial of Service (DoS) or code execution.

What should I do if I'm affected?

If you're affected by the vulnerability, it's important to take action. To protect your system, update your Ivanti Avalanche software to version 6.4.2 or later. This will address the security issue and help prevent potential memory corruption, Denial of Service (DoS), or code execution attacks.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

CVE-2023-46220 is not listed in CISA's Known Exploited Vulnerabilities Catalog. The vulnerability, discovered on December 19, 2023, involves an attacker sending specially crafted data packets to a Mobile Device Server, causing memory corruption that could lead to a Denial of Service (DoS) or code execution.

Weakness enumeration

The vulnerability CVE-2023-46220 is categorized as CWE-787, an Out-of-bounds Write, involving memory corruption and potentially causing Denial of Service or code execution.

For more details

CVE-2023-46220 is a critical vulnerability affecting Ivanti Avalanche software on Microsoft Windows systems. After analyzing various sources, it's clear that updating to version 6.4.2 or later is crucial for mitigating the risk of memory corruption, Denial of Service (DoS), or code execution. For more information about the CVE-2023-46220 vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or the links below.