Ivanti EPM Security Alert – Critical RCE Vulnerability Patched to Prevent Device Hijacking
Ivanti EPM, which manages client devices across platforms such as Windows, macOS, Chrome OS, and IoT operating systems, was affected by the security flaw tracked as CVE-2023-39336. The vulnerability impacted all supported versions of Ivanti EPM and has been resolved with the release of version 2022 Service Update 5.
The nature of the vulnerability meant that attackers with access to a target’s internal network could exploit it through low-complexity attacks, requiring neither privileges nor user interaction. Ivanti highlighted the potential risk, stating, “If exploited, an attacker with access to the internal network can leverage an unspecified SQL injection to execute arbitrary SQL queries and retrieve output without the need for authentication. This can then allow the attacker control over machines running the EPM agent. When the core server is configured to use SQL express, this might lead to RCE on the core server.”
While Ivanti assures its customers that there is no evidence of attackers exploiting this vulnerability against its user base, the company has taken proactive measures. Public access to an advisory containing full details about CVE-2023-39336 has been temporarily blocked. This strategic move provides Ivanti’s customers with additional time to secure their devices before threat actors can potentially exploit the vulnerability using the disclosed information.
Source: bleepingcomputer.com