Ivanti warns users about an EPM vulnerability in its systems

January 12, 2024

Ivanti, a prominent IT solutions provider, has disclosed that it has fixed a critical remote code execution (RCE) vulnerability in its Endpoint Manager (EPM) software. The flaw, tracked as CVE-2023-39336, poses a significant threat because it would allow unauthenticated attackers to compromise registered devices or the core server.

Ivanti EPM is a versatile tool that manages client devices across various platforms, including Windows, macOS, Chrome OS, and IoT operating systems. The company identified the security vulnerability in all supported Ivanti EPM versions, which makes addressing the issue urgent. Fortunately, the company has promptly released a fix in version 2022 Service Update 5.

The vulnerability in Ivanti EPM could be exploited by attackers without any special privileges or user interaction.

Ivanti warns that a threat actor could leverage an unspecified SQL injection to run arbitrary SQL queries and recover output without authentication, granting them control over devices that operate the EPM agent. In cases where the core server utilises SQL Express, this could escalate to RCE on the core server.

However, Ivanti reassures its users that they have yet to find evidence that hackers exploited the vulnerability. To mitigate potential risks, the company has restricted public access to detailed information about CVE-2023-39336. This restriction allows customers to secure their devices before threat actors can create exploits using the disclosed details.

Ivanti also faces a series of security challenges, including state-affiliated hackers exploiting zero-day flaws in its Endpoint Manager Mobile (EPMM) in July. Notably, these incidents highlight the attractiveness of mobile device management (MDM) systems to hackers due to their elevated access to numerous devices.

In subsequent months, Ivanti faced additional challenges with a third zero-day (CVE-2023-38035) in its Sentry software. The company’s response included patching over a dozen critical security vulnerabilities in its Avalanche enterprise mobile device management (MDM) solution.

The recent patch of the critical EPM vulnerability demonstrates the company’s commitment to maintaining the security and integrity of its products despite the current weaknesses. Users should be aware of these vulnerabilities and apply the latest updates promptly to avoid exploitation.
