CVE-2023-46804: 
Ivanti Avalanche vulnerability analysis and mitigation

A vulnerability identified as CVE-2023-46804 affects the Mobile Device Server component of Ivanti Avalanche. The vulnerability was discovered by Trend Micro's Zero Day Initiative and was addressed in Avalanche version 6.4.2. The issue allows remote attackers to cause memory corruption through specially crafted data packets sent to the Mobile Device Server (Release Notes, ZDI Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (High) with the vector string AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The technical assessment indicates that the vulnerability is network-accessible, requires low attack complexity, needs no privileges or user interaction, and can result in high availability impact through memory corruption (NVD).

When successfully exploited, the vulnerability can lead to a Denial of Service (DoS) condition through memory corruption in the Mobile Device Server. This can result in service disruption for affected systems (ZDI Advisory).

Ivanti has released version 6.4.2 of Avalanche to address this vulnerability. Users are advised to upgrade to this version to mitigate the risk. The fix was included as part of a security hardening update that addressed multiple vulnerabilities (Release Notes).