Ivanti Endpoint Management
Ivanti Endpoint Management
Introduction
Ivanti has confirmed a critical vulnerability CVE-2023-39336 (CVSS 9.6 critical) in their Endpoint Management software (EPM) that allows for remote code execution on the core server or managed devices.
At this moment Ivanti has no evidence that this is being exploited in the wild.
The exploit is possible without any privileges or user interaction but requires access to the internal network. An unspecified SQL injection can perform arbitrary SQL queries to retrieve information from the Ivanti tool As stated by Ivanti:
“If exploited, an attacker with access to the internal network can leverage an unspecified SQL injection to execute arbitrary SQL queries and retrieve output without the need for authentication. This can then allow the attacker control over machines running the EPM agent. When the core server is configured to use SQL express, this might lead to RCE on the core server.”
Affected products
All supported Ivanti EPM prior to version 2022 update 5
Mitigations
Ivanti recommends to update to version 2022 update 5
More information can be found on the announcement from Ivanti here