CVE-2023-46803: 
Ivanti Avalanche vulnerability analysis and mitigation

CVE-2023-46803 is a vulnerability discovered in Ivanti Avalanche versions 6.x prior to 6.4.2. The vulnerability allows an attacker to send specially crafted data packets to the Mobile Device Server, causing memory corruption which could result in a Denial of Service (DoS) condition (NVD, CVE).

The vulnerability is classified as an Out-of-bounds Write (CWE-787) with a CVSS v3.1 base score of 7.5 (HIGH). The attack vector is network-accessible (AV:N), requires low attack complexity (AC:L), needs no privileges (PR:N), requires no user interaction (UI:N), has unchanged scope (S:U), and can cause high availability impact (A:H) with no impact on confidentiality or integrity (NVD, ZDI).

The primary impact of this vulnerability is the potential for attackers to create a denial-of-service condition on affected systems. The vulnerability specifically affects the WLAvalancheService component and results from improper exception handling when performing integer division operations (ZDI).

Ivanti has released version 6.4.2 to address this vulnerability. Users are advised to upgrade to this version to mitigate the risk. The fix was included as part of a security hardening update that addressed multiple CVEs (Release Notes).