A vulnerability patched in Ivanti Endpoint Manager (EPM), an asset monitoring solution for enterprises, could potentially allow managed devices to be hijacked. Users are advised to deploy the patch as soon as possible because vulnerabilities in device management solutions have been attractive targets for attackers in the past.
The vulnerability, tracked as CVE-2023-39336, affects EPM 2022 SU4 and all earlier versions and has a criticality score of 9.6 out of 10. According to the company's advisory, it is an SQL injection flaw that allows attackers located on the same network to execute arbitrary SQL queries and retrieve output from the EPM server without the need for authentication.
Successful exploitation can lead to the attackers taking control over machines running the EPM agent, or executing arbitrary code on the server if the server is configured with Microsoft SQL Express. Otherwise, the impact applies to all instances of MSSQL.
Ivanti EPM patches come after fixes to its EDM solution
The EPM patches come after the company fixed 20 vulnerabilities on December 20 in its Avalanche enterprise mobile device management (EDM) solution. While there are no reports of these flaws being targeted in the wild for now, zero-day vulnerabilities in Ivanti device management products have been exploited before.
In August, Ivanti warned customers about an authentication bypass flaw in its Sentry product, formerly known as MobileIron Sentry, a gateway that secures traffic between mobile devices and back-end enterprise systems. The US Cybersecurity and Infrastructure Security Agency (CISA) later added the vulnerability to its Known Exploited Vulnerabilities catalog. A month before, state-sponsored attackers exploited two zero-day vulnerabilities (CVE-2023-35078 and CVE-2023-35081) in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core, to break into Norwegian government networks.
In the past, multiple ransomware threat actors have exploited vulnerabilities in device management software, including software used by IT managed services providers (MSPs), potentially impacting hundreds of companies. Due to their extensive capabilities and privileged permissions on systems, these management agents can act as remote access trojans if hijacked.