CVE-2023-32560: Ivanti - Unauthenticated Stack-based Buffer Overflows (Not applicable for WAF signature)

NetScaler CTRI Team

Last Updated: 08/16/2023

Description:

A vulnerability has been discovered in Ivanti Avalanche.

The vulnerability exists in WLAvalancheService.exe version 6.4.0.0 and older, which receives communications over TCP port 1777. It can be exploited by an attacker sending specially crafted data packets containing hex strings (type 3) or a list of decimal strings separated by “;” (type 9). This can cause a buffer overflow due to a fixed-size stack-based buffer used to store the converted data.

Avalanche version 6.4.1 has fixed multiple security vulnerabilities, including CVE-2023-32560, CVE-2023-32561, CVE-2023-32562, CVE-2023-32563, CVE-2023-32564, CVE-2023-32565, and CVE-2023-32566. These vulnerabilities concern various authentication bypasses and remote code execution flaws.

Please follow the guidelines as recommended by the vendor in their Security Article

NetScaler CTRI :

NetScaler CTRI team is actively investigating this issue and will provide an update on the mitigation steps, WAF Signature soon. 

Update: CTRI team has verified that the CVE-2023-32560 is not applicable for a WAF signature as it solely exploit TCP/UDP path. (https://help.ivanti.com/wl/help/en_us/ava/6.4/Avalanche/Appendices/ports.ht)

References:

1. https://nvd.nist.gov/vuln/detail/CVE-2023-32560