Ivanti has disclosed a critical security vulnerability in its Endpoint Manager (EPM) solution that poses a severe risk to affected systems. The vulnerability, identified as CVE-2023-39336, has received a CVSS score of 9.6 out of 10. The flaw affects both the EPM 2021 and EPM 2022 versions prior to the SU5 update and opens the door to remote code execution (RCE) on vulnerable servers.

According to Ivanti’s advisory, an attacker within the internal network can exploit a previously unidentified SQL injection vulnerability. The flaw lets unauthenticated users execute arbitrary SQL queries and access sensitive data. Such an intrusion could lead to extensive control over machines running the EPM agent, and where SQL Express is in use it may lead to RCE on the core server itself.

The announcement follows shortly after Ivanti patched nearly two dozen security issues in its Avalanche mobile device management solution. Thirteen of these vulnerabilities are rated critical and classified as unauthenticated buffer overflows. Ivanti stated that attackers can exploit these weaknesses by sending specially crafted data packets, which may result in memory corruption, denial of service (DoS), or code execution.

While there have been no confirmed incidents of these vulnerabilities being exploited in live environments, there is a notable history of state-sponsored actors exploiting zero-day flaws in Ivanti products to breach Norwegian governmental networks. Specifically, vulnerabilities identified as CVE-2023-35078 and CVE-2023-35081 were previously leveraged in such attacks, illustrating the urgent need for vigilance.

The recent notification ties into broader cybersecurity concerns, especially given another recently discovered critical vulnerability in the Ivanti Sentry product, tracked as CVE-2023-38035, which is under active exploitation. This highlights the continuing challenges Ivanti faces in safeguarding its product suite against sophisticated threats.

From an adversarial tactics perspective, the techniques associated with this vulnerability could map to MITRE ATT&CK tactics such as Initial Access and Privilege Escalation. The severity of these vulnerabilities means that businesses using Ivanti’s products need to apply the available security updates promptly so that their systems are not left open to exploitation.

In conclusion, cybersecurity remains a pressing issue, particularly for companies relying on third-party software solutions. Continuous updates and awareness surrounding emerging vulnerabilities are vital in mitigating risk. As this situation unfolds, business owners must remain informed and proactive in protecting their infrastructures against potential threats.
