CVE-2023-41727
Published 2023-12-19
Priority P275 · critical · 9.8 (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 36.39% (98.3rd percentile)
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | avalanche | < 6.4.2 | 6.4.2 |
| ivanti | wavelink | 6.4.1 – 6.4.1 | — |
Detection & IOCs (extracted from sources)
- Monitor for unauthenticated TCP connections to port 1777 targeting WLAvalancheService.exe that carry oversized MuProperty type 100 payloads: the overflow occurs when the MuProperty type field is set to 100 and the value data exceeds the fixed-size stack buffer.
- Detect exploit attempts by inspecting TCP/1777 traffic for the MuProperty message structure where the be32 type field equals 100 (0x00000064) and the ValueSize field declares a payload larger than the fixed stack buffer.
- A crash or access violation at WLAvalancheService+0x2af11 (EIP=0042af11, instruction `rep movsd`) with the stack overwritten by 0x41414141 patterns is a strong indicator of active exploitation of CVE-2023-41727. Note that 0x41414141 is simply a run of ASCII 'A', the filler a proof-of-concept uses; a real payload need not leave it, so the faulting address is the more durable signal than the fill pattern.
- The message preamble on TCP/1777 begins with a big-endian MsgSize field followed by HdrSize and PayloadSize; anomalously large PayloadSize values combined with MuProperty type 100/101/102 should be flagged.
- The vulnerability is unauthenticated and exploitable over the network with no prior authentication or user interaction required (PR:N, UI:N), so any host with network access to TCP/1777 can trigger the overflow.
- The affected binary WLAvalancheService.exe in Avalanche v6.4.1 shows no verifiable checksum in WinDbg output, which may complicate integrity-based detection approaches.
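An added example of the traffic heuristic the bullets above describe; this is not code from the page's sources, Ivanti or Tenable. It parses a captured TCP/1777 message by reading the MsgSize/HdrSize/PayloadSize preamble and walking MuProperty entries, then flags types 100/101/102 whose ValueSize exceeds a buffer limit or whose declared size exceeds the bytes actually present. Only the field names come from the IOCs: the contiguous 32-bit big-endian layout, the absence of any name field, the placement of the header between preamble and payload, the VALUE_LIMIT threshold, and the sample messages are all assumptions constructed for this example.

```python
"""Heuristic inspector for Avalanche Mobile Device Server (TCP/1777) messages.

Field names (MsgSize, HdrSize, PayloadSize, MuProperty type, ValueSize) come
from the IOC bullets above; everything about their layout is an assumption
made for this example, not a description of the real wire format.
"""
import struct

PREAMBLE = struct.Struct(">III")   # assumed: MsgSize, HdrSize, PayloadSize as contiguous be32
PROPERTY = struct.Struct(">II")    # assumed: be32 Type, be32 ValueSize, then ValueSize bytes of value
SUSPECT_TYPES = {100, 101, 102}    # MuProperty types called out in the IOCs (100 = 0x00000064)
VALUE_LIMIT = 256                  # assumed threshold; replace with the real fixed buffer size


def parse_preamble(msg):
    """Return (MsgSize, HdrSize, PayloadSize) from the first 12 bytes."""
    if len(msg) < PREAMBLE.size:
        raise ValueError("message shorter than preamble")
    return PREAMBLE.unpack_from(msg, 0)


def iter_muproperties(payload):
    """Yield (type, declared ValueSize, value bytes actually present) per entry.

    Slicing never reads past the buffer, so a declared size far larger than
    the data on the wire yields a short value rather than an exception.
    """
    off = 0
    while off + PROPERTY.size <= len(payload):
        mu_type, value_size = PROPERTY.unpack_from(payload, off)
        off += PROPERTY.size
        yield mu_type, value_size, payload[off:off + value_size]
        off += value_size


def inspect_message(msg):
    """Return a list of human-readable findings; an empty list means nothing suspicious."""
    findings = []
    msg_size, hdr_size, payload_size = parse_preamble(msg)
    if msg_size != len(msg):
        findings.append(f"MsgSize {msg_size} does not match {len(msg)} bytes on the wire")
    body_start = PREAMBLE.size + hdr_size
    if body_start + payload_size > len(msg):
        findings.append(f"HdrSize+PayloadSize ({hdr_size}+{payload_size}) overruns the message")
    payload = msg[body_start:body_start + payload_size]
    for mu_type, value_size, value in iter_muproperties(payload):
        if mu_type in SUSPECT_TYPES and value_size > VALUE_LIMIT:
            findings.append(f"MuProperty type {mu_type} with ValueSize {value_size} > {VALUE_LIMIT}")
        if value_size > len(value):
            findings.append(f"MuProperty type {mu_type} declares {value_size} bytes, only {len(value)} present")
    return findings


def build_message(props, header=b""):
    """Assemble a message in the assumed layout; used only to construct samples."""
    payload = b"".join(PROPERTY.pack(t, len(v)) + v for t, v in props)
    total = PREAMBLE.size + len(header) + len(payload)
    return PREAMBLE.pack(total, len(header), len(payload)) + header + payload


# Constructed samples (not captured traffic).
BENIGN = build_message([(1, b"device-01"), (2, b"6.4.1")])
# Type 100 with a 2048-byte run of 'A' (0x41), the fill behind the 0x41414141 pattern in the crash IOC.
OVERSIZED_TYPE_100 = build_message([(100, b"A" * 2048)])
# Type 101 that declares 0x7FFFFFFF bytes but sends only four; the preamble is otherwise consistent.
LYING_VALUESIZE = (PREAMBLE.pack(PREAMBLE.size + PROPERTY.size + 4, 0, PROPERTY.size + 4)
                   + PROPERTY.pack(101, 0x7FFFFFFF) + b"AAAA")

if __name__ == "__main__":
    for name, sample in [("benign", BENIGN), ("type100", OVERSIZED_TYPE_100), ("lying", LYING_VALUESIZE)]:
        print(name, inspect_message(sample) or "clean")
```

To use this against real captures, feed each reassembled TCP/1777 stream to `inspect_message` and set `VALUE_LIMIT` to the size of the fixed stack buffer in the affected build. The third sample matters because a sender can declare a ValueSize far larger than the bytes it actually transmits; a detector that trusted the declared length would itself read past its buffer, so the parser slices by what is present and reports the mismatch instead.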
CVSS provenance
NVD v3.1: 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
NVD v3.0: 9.8 CRITICAL (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
GHSA
GHSA-37h3-969w-7ph2 · ghsa_unreviewed · 2023-12-19 · CVE-2023-41727 [CRITICAL] · CWE-787
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution.
Ivanti
Ivanti Security Advisory: CVE-2023-41727
vendor_ivanti · 2023-12-19 · CVSS 9.8 · CVE-2023-41727 [CRITICAL] · CWE-787
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution.
CVE IDs: CVE-2023-41727
CVSS Base Score: 9.8
Severity: CRITICAL
CWEs: CWE-787
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Ivanti releases patches for 13 critical Avalanche RCE flaws
blogs_bleepingcomputer · 2023-12-20 · CVSS 9.8 · [CRITICAL]
## Ivanti releases patches for 13 critical Avalanche RCE flaws
## Sergiu Gatlan
Ivanti has released security updates to fix 13 critical security vulnerabilities in the company's Avalanche enterprise mobile device management (MDM) solution.
Avalanche allows admins to manage over 100,000 mobile devices from a single, central location over the Internet, deploy software, and schedule updates.
As Ivanti explained on Wednesday, these security flaws are due to WLAvalancheService stack or heap-based buffer overflow weaknesses reported by Tenable security researchers and Trend Micro's Zero Day Initiative.
Unauthenticated attackers can exploit them in low-complexity attacks that don't require user interaction to gain remote code execution on unpatched systems.
"An attacker sending specially c
Tenable
Ivanti Avalanche Multiple Vulnerabilities
blogs_tenable·2023-12-18
Published 2023-12-19