Ivanti has released security updates to address a critical vulnerability, tracked as CVE-2023-39336 (CVSS score 9.6), impacting its Endpoint Manager (EPM) solution. The exploitation of this vulnerability could lead to remote code execution (RCE) on vulnerable servers.
“If exploited, an attacker with access to the internal network can leverage an unspecified SQL injection to execute arbitrary SQL queries and retrieve output without the need for authentication.” reads the advisory published by company. “This can then allow the attacker control over machines running the EPM agent. When the core server is configured to use SQL express, this might lead to RCE on the core server”
The vulnerability impacts EPM 2021 and EPM 2022 prior to SU5.
At the end of July, Ivanti disclosed another security vulnerability impacting Endpoint Manager Mobile (EPMM), tracked as CVE-2023-35078 (CVSS score: 7.8), that was exploited in the wild as part of an exploit chain by threat actors.
In early August, Rapid7 researchers discovered a bypass for the above vulnerability in Ivanti Endpoint Manager Mobile (EPMM).
The new vulnerability, tracked as CVE-2023-35082 (CVSS score: 10.0), can be exploited by unauthenticated attackers to access the API in older unsupported versions of MobileIron Core (11.2 and below). Ivanti addressed the vulnerability with the release of the MobileIron Core 11.3 version
The vulnerability could be exploited to access sensitive API data and configurations, run system commands, or write files onto the system. The vulnerability CVE-2023-38035 impacts Sentry versions 9.18 and prior.
The researchers at cybersecurity firm Horizon3 have published a technical analysis for this vulnerability and a proof-of-concept (PoC) exploit.
(SecurityAffairs – hacking, Ivanti EPM)