Ivanti has addressed a critical vulnerability in one of its products that could have allowed threat actors to drop all kinds of malware on vulnerable endpoints.
As per an advisory released by the company earlier this week, the flaw is a remote code execution (RCE) vulnerability found in its Endpoint Management Software (EPM), BleepingComputer reported.
By abusing the flaw, threat actors could hijack enrolled devices or even the core server. The vulnerability is now tracked as CVE-2023-39336, and affects all supported EPM versions. If your organization is using the software, make sure to update it to version 2022 Service Update 5.
No evidence of abuse
To abuse the flaw, attackers don’t require special privileges or user interaction. The only thing they need is access to the target’s internal network. "If exploited, an attacker with access to the internal network can leverage an unspecified SQL injection to execute arbitrary SQL queries and retrieve output without the need for authentication," Ivanti says. "This can then allow the attacker control over machines running the EPM agent. When the core server is configured to use SQL express, this might lead to RCE on the core server."
The good news is that Ivanti was proactive about the flaw. There is no evidence of hackers abusing it in the wild, or client complaints of hacking attempts. Further details about the flaw, found in the advisory, are currently unavailable, likely to give most customers a chance to apply the patch before other threat actors learn about the hole.
Ivanti’s EPM is a unified platform designed to help businesses manage user profiles and client devices. It supports Windows, macOS, Linux, Chrome OS, and different IoT platforms. It also comes with Day Zero support, promising swift management without loss of functionality, or downtime.
The company counts more than 40,000 clients around the world.