CVE-2023-46263: Ivanti Avalanche Arbitrary File Upload Vulnerability

Ivanti Avalanche, a mobile device management system, has a vulnerability in its Central FileStore that allows remote code execution as SYSTEM. This vulnerability occurs due to insufficient sanitization of the txtUncPath field in the Central FileStore configuration settings. An attacker can bypass the disallowed path checks by setting the txtUncPath value to "C:\ProgramData\Wavelink\Avalanche" and then uploading a malicious file to the "RemoteControlServer\app" subfolder. The RemoteControl server executes Velocity macro code and can be accessed via an HTTP request to http://:1900/. By uploading a crafted file, an attacker could execute arbitrary commands on the system. The vulnerability was patched in version 6.4.2, and users are recommended to test and deploy this patch to fully address the vulnerability.