Ivanti Critical EPM Bug Allows Hackers to Hijack EPM Devices

Written by Mitchell Langley

January 11, 2024

Ivanti has successfully addressed a critical remote code execution (RCE) vulnerability in its Endpoint Management software (EPM). The Ivanti critical EPM bug had the potential to allow unauthorized individuals to take control of enrolled devices or the core server.

Ivanti Critical EPM Bug Affects All Supported Ivanti EPM Versions

Ivanti EPM is a comprehensive solution designed to manage client devices across various platforms, including Windows, macOS, Chrome OS, and IoT operating systems.

The Ivanti Critical EPM Bug, identified as CVE-2023-39336, affected all supported versions of Ivanti Endpoint Manager. However, this issue has been resolved in the latest version, 2022 Service Update 5.

It is important to note that attackers within a target’s internal network could exploit this flaw in Endpoint Manager through low-complexity attacks that require neither privileges nor user interaction.

“If exploited, an attacker with access to the internal network can leverage an unspecified SQL injection to execute arbitrary SQL queries and retrieve output without the need for authentication,”

“This can then allow the attacker control over machines running the EPM agent. When the core server is configured to use SQL express, this might lead to RCE on the core server.”

Ivanti said in a statement.

Ivanti has stated that there is no evidence to suggest that any of its customers have been impacted by attackers exploiting this vulnerability in its EPM software.

To provide customers with ample time to secure their devices, Ivanti has currently restricted public access to the advisory containing the complete details of CVE-2023-39336. This measure aims to prevent threat actors from using the additional information to create further exploits for the vulnerability in Endpoint Manager.

The Ivanti EPM Flaw is Another Addition to the Series of Ivanti Exploits

In July, there were incidents where state-affiliated hackers exploited two zero-day vulnerabilities, namely CVE-2023-35078 and CVE-2023-35081, in Ivanti’s Endpoint Manager Mobile (EPMM), previously known as MobileIron Core. These attacks targeted the networks of several Norwegian government organizations.

“Mobile device management (MDM) systems are attractive targets for threat actors because they provide elevated access to thousands of mobile devices, and APT actors have exploited a previous MobileIron vulnerability,”

“Consequently, CISA and NCSC-NO are concerned about the potential for widespread exploitation in government and private sector networks.”

CISA warns in an advisory.

Furthermore, another zero-day vulnerability, identified as CVE-2023-38035, was exploited in attacks targeting Ivanti’s Sentry software, formerly known as MobileIron Sentry. These attacks occurred approximately one month after the previous incidents.

In addition, Ivanti addressed a significant number of critical security vulnerabilities in its Avalanche enterprise mobile device management (MDM) solution in both December and August.

It is worth noting that Ivanti’s products are trusted and utilized by over 40,000 companies worldwide for the management of their IT assets and systems.
