skip navigation
skip mega-menu

Security Bulletin: Critical Vulnerabilities in Ivanti Avalanche (CVE-2024-29204, CVE-2024-24996)

Summary of Bulletin:

  • On April 16, 2024, Ivanti disclosed two critical vulnerabilities within its Avalanche Mobile Device Management (MDM) solution. These vulnerabilities, identified as CVE-2024-29204 and CVE-2024-24996, are heap overflow issues in the WLInfoRailService and WLAvalancheService components, respectively.
  • Both vulnerabilities have been assigned a CVSS score of 9.8, indicating their critical nature due to the potential for unauthenticated Remote Code Execution (RCE) in low-complexity attacks.
  • We are recommending to customers that they upgrade to the latest version of Ivanti Avalanche.

Subscribe to our newsletter

Sign up here