Ivanti has patched a critical vulnerability, tracked as CVE-2023-39336 with a CVSS score 9.6, impacting its endpoint manager (EPM) solution. The exploitation of this vulnerability could lead to remote code execution on vulnerable servers.
Once the vulnerability is exploited and leaveraged, an attacker with access to the internal network can leverage an unspecified SQL injection to execute arbitrary SQL queries and extract the output without the need for authentication.
This allows the attacker control over machines running the EPM agent. When the core server is configured to use SQL express, this might lead to RCE on the core server
The researchers at cybersecurity firm Horizon3 have published a technical analysis for this vulnerability and a proof-of-concept (PoC) exploit
The vulnerability impacts EPM 2021 and EPM 2022 prior to SU5. Previously, Ivanti has addressed patches for many vulnerabilities like CVE-2023-35081, CVE-2023-35082, CVE-2023-38035
Great information 🙏