The newest version of Ivanti Avalanche – the company’s enterprise mobile device management (MDM) solution – carries fixes for 27 vulnerabilities, two of which (CVE-2024-29204, CVE-2024-24996) are critical and may allow a remote unauthenticated attacker to execute arbitrary commands on the underlying Windows system. “We are not aware of any customers being exploited by these vulnerabilities prior to public disclosure,” the company said on Wednesday. CVE-2024-29204 and CVE-2024-24996 Both critical vulnerabilities are heap overflow bugs: … More
The post Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204) appeared first on Help Net Security.