b2b-daily
Search
Close this search box.
Search
Close this search box.
Home | IT | Cyber Security

Ivanti Releases Critical Update for Avalanche MDM Vulnerabilities

Avatar photo
by Bairon McAdams
April 19, 2024
Image Credit: Pexels
Ivanti Releases Critical Update for Avalanche MDM Vulnerabilities

Ivanti, a prominent security provider, has taken significant measures by releasing an essential update for its Avalanche mobile device management (MDM) software. This critical update addresses a series of 27 identified security flaws, including two severe vulnerabilities that could potentially allow malicious actors to execute code remotely. Avalanche is a critical tool for IT managers, overseeing a wide array of mobile devices within various organizations. It’s imperative for the software to be impermeable to security threats due to its role in safeguarding corporate mobile device infrastructure. The rectification of these vulnerabilities was crucial and demanded immediate attention to prevent any exploitation that could compromise device security across numerous businesses relying on this system for centralized device management.

Critical Vulnerabilities and Their Implications

Among the vulnerabilities patched, the most severe were identified as CVE-2024-24996 and CVE-2024-29204. These represented heap overflow vulnerabilities in different components of the Avalanche software and were assigned a Common Vulnerability Scoring System (CVSS) score of 9.8. The high severity score is attributed to the potential for these vulnerabilities to enable remote, unauthenticated attackers to execute arbitrary code. The update bringing Avalanche to version 6.4.3 is of paramount importance, as it not only rectifies these two crucial flaws but also addresses a variety of other security shortcomings such as path traversal and out-of-bounds read issues, which came with their own spectrum of CVSS scores.

Timely Response by Ivanti

It’s a relief to note that at the time of the vulnerability disclosure, there was no evidence of active exploitation. However, the incident comes on the heels of a series of security challenges for Ivanti over the past year, which saw state-sponsored Chinese threat actors capitalizing on zero-days in their Endpoint Manager and Connect Secure VPN offerings. In light of these occurrences, some insurance companies have begun requiring additional safeguards to be in place for clients utilizing Ivanti products. The proactive issuance of the update reflects Ivanti’s recognition of the imperatives of timely intervention in today’s cybersecurity landscape that is dotted with advanced persistent threats and more aggressive state-sponsored hacking strategies. Maintaining up-to-date defenses remains a non-negotiable component of corporate security strategy, especially for systems as crucial as device management software that act as gatekeepers for enterprise mobile devices and data.

Information Security

Explore more

Email Marketing Drives Ecommerce Growth and Loyalty
May 16, 2025

In an era dominated by social media and ever-evolving digital platforms, email marketing has carved its niche as a cornerstone strategy for ecommerce brands seeking growth and customer loyalty. While flashy apps and websites pop up with regularity, emails quietly continue to offer consistent, adaptable solutions for engaging audiences effectively. A cornerstone statistic from the Data & Marketing Association has

Will Validity’s Acquisition Revolutionize Email Marketing?
May 16, 2025

In a strategic move, Validity has successfully acquired Litmus to revolutionize the email marketing landscape by integrating Litmus’s advanced email optimization and testing capabilities into Validity’s robust platform. Validity, renowned for its expertise in managing CRM data and email verification, aims to construct a comprehensive system that oversees every phase of the email campaign lifecycle. With products such as DemandTools

Can You Stay Ahead in Digital Marketing Innovation?
May 16, 2025

In the rapidly evolving world of digital marketing, staying ahead of innovation poses a formidable challenge for industry professionals. As technology advances, new tools, strategies, and platforms emerge at a breakneck pace, leaving marketers in constant pursuit of the latest trends. The upcoming digital marketing conference highlights the importance of embracing these technological shifts, urging senior marketing leaders to gather

Can Sender Revolutionize Email Marketing for Small Businesses?
May 16, 2025

The rapidly evolving landscape of digital marketing presents both opportunities and challenges for small businesses striving to establish their presence amid fierce competition. Email marketing has long been an essential tool in this realm, but the prohibitive costs and complex features of many platforms have frequently hampered access for smaller entities. Against this backdrop, Sender emerges as a compelling alternative—a

Can HPE Eclipse VMware in the Private Cloud Race?
May 16, 2025

The private cloud market has long been a competitive realm filled with robust technologies and innovative solutions. Among the major players, Hewlett Packard Enterprise (HPE) and VMware stand out for their ongoing rivalry in providing cloud management solutions. The market has witnessed significant shifts, particularly after Broadcom’s operational changes within VMware, prompting several tech giants to position themselves as feasible