Ivanti Avalanche Vulnerability: What You Should Know
The December 20th Ivanti Avalanche advisory disclosed 22 CVEs, 12 of them rated 9.8 (Critical) and the remainder rated High, all rooted in stack-based buffer overflow vulnerabilities capa...
On December 20th, Ivanti published a security advisory disclosing a large batch of vulnerabilities affecting its Avalanche mobile device management (MDM) platform. This briefing consolidates the technical substance of that advisory discussion: what the product does, why the vulnerability class is dangerous, how many CVEs are involved, how to assess exposure, and what remediation and hardening steps organizations should take.
Ivanti is a technology vendor that builds software to help organizations manage and secure computer systems and mobile devices at scale. Its portfolio spans endpoint protection, mobile device management, and network/infrastructure management tooling intended to keep large fleets of devices running smoothly and securely.
Avalanche is Ivanti's MDM solution, but it is distinct from general-purpose enterprise mobility tools such as Microsoft Intune in that it is purpose-built for supply chain and logistics environments. Typical managed endpoints are handheld barcode scanners, rugged tablets, and similar warehouse- or retail-floor devices rather than standard laptops or phones. Avalanche's core function is to ensure that this fleet of specialized devices stays prov...
Sign in to read this course
A free account unlocks all 514 courses. 20 are readable without one.
What's inside
3 sections- 1 Table of Contents
- 2 Module 1: The Ivanti Avalanche Security Advisory
- 3 Summary
More Vulnerability Briefings courses
View all 30Apache Commons Text Vulnerability: What You Should Know
Because the library is freely available, widely trusted, and saves developers from writing boilerplate text-processing code, it has been incorporated into a very large number of Java-base...
Atlassian Vulnerability: What You Should Know
This document covers a group of critical advisories describing a series of Remote Code Execution (RCE) vulnerabilities in Atlassian products. The vulnerabilities span multiple products —...
Authentication Bypass at the Security Edge: What You Should Know
Once all required configuration changes were made, attackers established SSL VPN tunnels to the affected devices using the newly created or hijacked accounts.
Next.js Authentication Bypass Vulnerability: What You Should Know
Next.js is a React-based web development framework created and maintained by Vercel. It is widely used to build fast, scalable, and SEO-friendly web applications.
Breaking! React & Next.js Hit by CVSS 10.0 Bug
Every so often, a vulnerability drops that cuts through the noise — not because of the hype, but because it touches a large part of the modern web stack. CVE-2025-55182 is one of those.
ConnectWise ScreenConnect Vulnerability - What You Should Know
Critical security advisory covering CVE-2024-1709 (CVSS 10.0) and CVE-2024-1708 (CVSS 8.4) — authentication bypass and path traversal vulnerabilities in ConnectWise ScreenConnect.
Interested in this course?
Contact us to book it or get a custom training plan for your team.