CVE-2023-46217
published 2023-12-19CVE-2023-46217: An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or…
PriorityP275critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
36.39%
98.3th percentile
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | avalanche | < 6.4.2 | 6.4.2 |
| ivanti | wavelink | 6.4.1 – 6.4.1 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2023-46217 is triggered by sending a MuProperty type 102 message to WLAvalancheService.exe on TCP port 1777; monitor for oversized MuProperty type 102 values in the message stream targeting this port. ↗
- →The exploit overwrites the stack return address with 0x41414141 (repeated); look for crash dumps or WER reports from WLAvalancheService.exe showing return addresses of 0x41414141. ↗
- →The message structure sent to TCP/1777 begins with a big-endian 16-byte preamble (MsgSize, HdrSize, PayloadSize, unk); anomalously large PayloadSize or ValueSize fields in MuProperty type 102 indicate an attack attempt. ↗
- →Unauthenticated exploitation — no prior session or credentials required; any connection to TCP/1777 sending a crafted MuProperty type 102 packet should be treated as suspicious. ↗
- ·WLAvalancheService.exe listens on TCP port 1777; this port must be network-accessible for the vulnerability to be remotely exploitable — firewall rules restricting access to this port mitigate exposure. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ivanti
Ivanti Security Advisory: CVE-2023-46217
vendor_ivanti·2023-12-19·CVSS 9.8
CVE-2023-46217 [CRITICAL] CWE-787 Ivanti Security Advisory: CVE-2023-46217
Ivanti Security Advisory: CVE-2023-46217
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
CVE IDs: CVE-2023-46217
CVSS Base Score: 9.8
Severity: CRITICAL
CWEs: CWE-787
GHSA
GHSA-hqx2-wc2c-3843: An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (
ghsa_unreviewed·2023-12-19
CVE-2023-46217 [CRITICAL] CWE-787 GHSA-hqx2-wc2c-3843: An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Ivanti releases patches for 13 critical Avalanche RCE flaws
blogs_bleepingcomputer·2023-12-20·CVSS 9.8
[CRITICAL] Ivanti releases patches for 13 critical Avalanche RCE flaws
## Ivanti releases patches for 13 critical Avalanche RCE flaws
## Sergiu Gatlan
Ivanti has released security updates to fix 13 critical security vulnerabilities in the company's Avalanche enterprise mobile device management (MDM) solution.
Avalanche allows admins to manage over 100,000 mobile devices from a single, central location over the Internet, deploy software, and schedule updates.
As Ivanti explained on Wednesday, these security flaws are due to WLAvalancheService stack or heap-based buffer overflow weaknesses reported by Tenable security researchers and Trend Micro's Zero Day Initiative.
Unauthenticated attackers can exploit them in low-complexity attacks that don't require user interaction to gain remote code execution on unpatched systems.
"An attacker sending specially c
Tenable
Ivanti Avalanche Multiple Vulnerabilities
blogs_tenable·2023-12-18
Ivanti Avalanche Multiple Vulnerabilities
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
2023-12-19
Published