January 5, 2024 at 03:27AM
Ivanti has issued security updates for a critical flaw in its Endpoint Manager solution that poses a remote code execution risk. The vulnerability, rated 9.6 on the CVSS scale, affects EPM 2021 and 2022 prior to SU5. Ivanti also addressed multiple security flaws in its Avalanche enterprise mobile device management solution, some with a high severity rating.
Key takeaways:
1. Ivanti has released security updates to address a critical flaw in its Endpoint Manager (EPM) solution (CVE-2023-39336) that could lead to remote code execution (RCE) on vulnerable servers.
2. The vulnerability impacts EPM 2021 and EPM 2022 prior to SU5, and if exploited, can allow an attacker with access to the internal network to execute arbitrary SQL queries without authentication, potentially leading to RCE on the core server.
3. Ivanti also patched nearly two dozen security flaws in its Avalanche enterprise mobile device management (MDM) solution, with 13 of them rated as critical (CVSS scores: 9.8). These flaws include unauthenticated buffer overflows that could lead to denial-of-service (DoS) or code execution.
4. While there is no evidence of exploitation of the mentioned weaknesses, state-backed actors have previously exploited zero-day flaws in Ivanti Endpoint Manager Mobile (EPMM) to infiltrate the networks of Norwegian government organizations.
5. A month after those attacks, a critical vulnerability in the Ivanti Sentry product (CVE-2023-38035) came under active exploitation as a zero-day.