CVE-2023-46216: 
Ivanti Avalanche vulnerability analysis and mitigation

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. This vulnerability (CVE-2023-46216) affects Ivanti Avalanche versions 6.3.1 and above, including older versions. The vulnerability was discovered and reported by researchers at Tenable and was patched in Avalanche version 6.4.2 (Ivanti Blog, Release Notes).

The vulnerability is classified as an unauthenticated buffer overflow with a CVSS v3.1 base score of 9.8 (Critical). When processing a MuProperty type 101, WLAvalancheService.exe copies user-supplied data to a fixed-size stack-based buffer. An unauthenticated remote attacker can specify a long MuProperty type 101 to overflow the buffer, leading to memory corruption (Tenable Research).

The successful exploitation of this vulnerability can lead to multiple severe consequences including Denial of Service (DoS) conditions or remote code execution. Given the critical CVSS score of 9.8, the vulnerability poses significant risks to affected systems, potentially allowing attackers to gain complete control over the targeted system (Arctic Wolf).

Organizations are strongly advised to upgrade to Ivanti Avalanche version 6.4.2, which contains the fix for this vulnerability. This update addresses the buffer overflow vulnerability along with several other security issues. The patch should be applied following organizational patching and testing guidelines to avoid operational impact (Release Notes, Arctic Wolf).