If You Run Ivanti Endpoint Manager, It’s Time To Patch All The Things

Ivanti is urging users of its endpoint security product to patch a critical vulnerability that makes it possible for unauthenticated attackers to execute malicious code on all supported versions of Ivanti Endpoint Manager. You can find out all the details here, but here’s the TL;DR:

As part of our ongoing strengthening of the security of our products, we have discovered a new vulnerability in Ivanti EPM. We are reporting this vulnerability as CVE-2023-39336. We have no indication that customers have been impacted by this vulnerability.

This vulnerability impacts all supported versions of the product, and the issue has been resolved in Ivanti EPM 2022 Service Update 5.

If exploited, an attacker with access to the internal network can leverage an unspecified SQL injection to execute arbitrary SQL queries and retrieve output without the need for authentication. This can then allow the attacker control over machines running the EPM agent. When the core server is configured to use SQL express, this might lead to RCE on the core server.

Upon learning of the vulnerability, we immediately mobilized resources to fix the problem and have a fix available now for all supported versions. More detailed information is available in this Security Advisory.

Ars Technica took a deep dive into this vulnerability, and based on what they’ve seen, this vulnerability is as bad as it gets. I encourage you to read the article, as the severity of this will send chills down your spine. In the meantime, you need to get about patching your Ivanti Endpoint Manager instances ASAP, because now that this is out there, you can bet that threat actors are actively exploring ways to exploit this to pwn you.
