CVE-2023-46259: 
Ivanti Avalanche vulnerability analysis and mitigation

A critical vulnerability (CVE-2023-46259) was discovered in Ivanti Avalanche's Mobile Device Server that allows an attacker to cause memory corruption through specially crafted data packets. The vulnerability was identified in December 2023 and affects all supported versions of Avalanche 6.3.1 and above, as well as older versions (NVD, Release Notes).

The vulnerability is classified as a Stack-based Buffer Overflow Remote Code Execution (RCE) vulnerability with a CVSS v3.1 base score of 9.8 (Critical). The high severity score is due to the vulnerability requiring no authentication or user interaction and being exploitable over the network (NVD, Arctic Wolf).

Successful exploitation of this vulnerability could lead to both Denial of Service (DoS) conditions and potential remote code execution on affected systems. This gives attackers the ability to potentially take complete control of the vulnerable system (NVD, Bleeping Computer).

Ivanti has released version 6.4.2.313 of Avalanche which patches this vulnerability along with several other security issues. Organizations are strongly recommended to upgrade to this version to address the security vulnerabilities (Release Notes, Bleeping Computer).