January 4, 2024 at 04:46PM
Ivanti resolved a critical remote code execution (RCE) vulnerability in its Endpoint Management software (EPM), impacting all supported versions. Attackers on internal networks can exploit the flaw without requiring privileges or user interaction. Ivanti has prevented public access to full details on the vulnerability, aiming to provide customers with time to secure their devices.
Key Takeaways from the Meeting Notes:
– Ivanti fixed a critical remote code execution vulnerability in its Endpoint Management software that could allow unauthenticated attackers to take control of enrolled devices or the core server.
– The security flaw (CVE-2023-39366) impacts all supported Ivanti EPM versions and has been resolved in version 2022 Service Update 5.
– Attackers with access to the target’s internal network can exploit the vulnerability without needing privileges or user interaction. The flaw allows attackers to execute arbitrary SQL queries and potentially gain control over machines running the EPM agent.
– Ivanti has no evidence that its customers have been affected by attackers exploiting this vulnerability. It has also blocked public access to an advisory containing full details on the CVE-2023-39366 bug.
– State-affiliated hackers used two zero-day flaws (CVE-2023-35078 and CVE-2023-35081) in Ivanti’s Endpoint Manager Mobile (EPMM) to infiltrate the networks of Norwegian government organizations.
– CISA and NCSC-NO expressed concerns about the potential for widespread exploitation of these vulnerabilities in government and private sector networks.
– Another zero-day (CVE-2023-38035) in Ivanti’s Sentry software was exploited in attacks one month later.
– Ivanti also patched over a dozen critical security vulnerabilities in its Avalanche enterprise mobile device management (MDM) solution in December and August.
These takeaways summarize the key security-related issues discussed during the meeting for further action and decision-making.