Ivanti Critical EPM Bug Allows Hackers to Hijack EPM Devices


    Ivanti has successfully addressed a critical remote code execution (RCE) vulnerability in its Endpoint Management software (EPM). The Ivanti critical EPM bug had the potential to allow unauthorized individuals to take control of enrolled devices or the core server.


    Ivanti Critical EPM Bug Affects All Ivanti EPM Versions

    Ivanti EPM is a comprehensive solution designed to manage client devices across various platforms, including Windows, macOS, Chrome OS, and IoT operating systems.

    The Ivanti Critical EPM Bug, identified as CVE-2023-39336, affected all supported versions of Ivanti Endpoint Manager. However, this issue has been resolved in the latest version, 2022 Service Update 5.

    It is important to note that attackers within a target’s internal network could exploit this flaw in Endpoint Manager through low-complexity attacks, without requiring privileges or user interaction.

    “If exploited, an attacker with access to the internal network can leverage an unspecified SQL injection to execute arbitrary SQL queries and retrieve output without the need for authentication,” Ivanti said in a statement. “This can then allow the attacker control over machines running the EPM agent. When the core server is configured to use SQL express, this might lead to RCE on the core server.”

    Ivanti has stated that there is no evidence to suggest that any of its customers have been impacted by attackers exploiting this vulnerability in its EPM software.

    To provide customers with ample time to secure their devices, Ivanti has currently restricted public access to the advisory containing the complete details of CVE-2023-39336. This measure aims to prevent threat actors from using the additional information to create further exploits for the vulnerability in Endpoint Manager.

    The Ivanti EPM Flaw is Another Addition to the Series of Ivanti Exploits

    In July, there were incidents where state-affiliated hackers exploited two zero-day vulnerabilities, namely CVE-2023-35078 and CVE-2023-35081, in Ivanti’s Endpoint Manager Mobile (EPMM), previously known as MobileIron Core. These attacks targeted the networks of several Norwegian government organizations.

    “Mobile device management (MDM) systems are attractive targets for threat actors because they provide elevated access to thousands of mobile devices, and APT actors have exploited a previous MobileIron vulnerability,” CISA warns in an advisory. “Consequently, CISA and NCSC-NO are concerned about the potential for widespread exploitation in government and private sector networks.”

    Furthermore, approximately one month after those incidents, another zero-day vulnerability, identified as CVE-2023-38035, was exploited in attacks targeting Ivanti’s Sentry software, formerly known as MobileIron Sentry.

    In addition, Ivanti addressed a significant number of critical security vulnerabilities in its Avalanche enterprise mobile device management (MDM) solution in both December and August.

    It is worth noting that Ivanti’s products are trusted and utilized by over 40,000 companies worldwide for the management of their IT assets and systems.
