CVE-2023-46216
published 2023-12-19CVE-2023-46216: An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or…
PriorityP275critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
36.39%
98.3th percentile
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | avalanche | < 6.4.2 | 6.4.2 |
| ivanti | neurons_for_mdm | — | — |
| ivanti | wavelink | 6.4.1 – 6.4.1 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for oversized MuProperty type 101 values sent to WLAvalancheService.exe on TCP port 1777; a long token value in a type 101 MuProperty triggers the stack-based buffer overflow. ↗
- →Look for access violations (code c0000005) at instruction address 0x0042b1b8 (rep movsd) in WLAvalancheService.exe, indicative of exploitation of CVE-2023-46216. ↗
- →Stack smash pattern 0x41414141 repeated in return address and stack frames is a strong indicator of active exploitation of this buffer overflow. ↗
- →Unauthenticated TCP connections to port 1777 sending large MuProperty payloads (type field = 101) should be alerted on; no authentication is required to trigger the vulnerability. ↗
- ·The vulnerability is confirmed in Ivanti Avalanche v6.4.1 specifically; the affected binary is WLAvalancheService.exe at the code offset +0x2b1b8. ↗
- ·The NVD and Ivanti KB attribute CVE-2023-46216 to 'Neurons for MDM' / 'Mobile Device Server', while the Tenable PoC targets WLAvalancheService on TCP/1777; verify the exact affected product/component in your environment before applying detections. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ivanti
Ivanti Neurons for MDM Authentication Bypass
vendor_ivanti·CVSS 9.8
CVE-2023-46216 [CRITICAL] Ivanti Neurons for MDM Authentication Bypass
Ivanti Neurons for MDM Authentication Bypass
CVE IDs: CVE-2023-46216
Affected products: Neurons for MDM
GHSA
GHSA-jjp4-6rrm-wrm6: An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (
ghsa_unreviewed·2023-12-19
CVE-2023-46216 [CRITICAL] CWE-787 GHSA-jjp4-6rrm-wrm6: An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Ivanti releases patches for 13 critical Avalanche RCE flaws
blogs_bleepingcomputer·2023-12-20·CVSS 9.8
[CRITICAL] Ivanti releases patches for 13 critical Avalanche RCE flaws
## Ivanti releases patches for 13 critical Avalanche RCE flaws
## Sergiu Gatlan
Ivanti has released security updates to fix 13 critical security vulnerabilities in the company's Avalanche enterprise mobile device management (MDM) solution.
Avalanche allows admins to manage over 100,000 mobile devices from a single, central location over the Internet, deploy software, and schedule updates.
As Ivanti explained on Wednesday, these security flaws are due to WLAvalancheService stack or heap-based buffer overflow weaknesses reported by Tenable security researchers and Trend Micro's Zero Day Initiative.
Unauthenticated attackers can exploit them in low-complexity attacks that don't require user interaction to gain remote code execution on unpatched systems.
"An attacker sending specially c
Tenable
Ivanti Avalanche Multiple Vulnerabilities
blogs_tenable·2023-12-18
Ivanti Avalanche Multiple Vulnerabilities
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
2023-12-19
Published