January 5, 2024 at 07:18AM
Ivanti warned of a critical vulnerability in its Endpoint Manager product, CVE-2023-39336, allowing remote code execution and potential device takeover. The issue affects EPM 2022 Service Update 4 and all prior versions, with a fix available in EPM 2022 Service Update 5. Ivanti restricts details to customers, suggesting proactive patching is crucial.
Key Takeaways:
1. Ivanti has warned of a critical-severity vulnerability (CVE-2023-39336) in its Endpoint Manager (EPM) product that could lead to remote code execution (RCE). The vulnerability is described as an SQL injection bug, enabling attackers to execute arbitrary SQL queries and retrieve output without authentication.
2. Exploitation of this vulnerability could allow attackers to take over devices running the EPM agent, particularly when the core server is configured to use SQL Express. The impacted versions include EPM 2022 Service Update 4 and all prior versions, including EPM 2021 iterations.
3. Ivanti has released EPM 2022 Service Update 5, which resolves the bug, and customers are advised to apply the patches promptly.
4. The company has not publicly disclosed further details about the flaw, restricting access to customers only, likely to provide them with more time to apply the patches.
5. Though Ivanti has not mentioned the vulnerability being targeted in the wild, it has acknowledged that security defects in its products have been exploited in malicious attacks, including as zero-days.
6. Recent examples include CVE-2023-38035, CVE-2023-35078, and CVE-2023-35081, which were critical-severity issues in different Ivanti products and had been exploited as zero-days. This highlights the continued need for prompt patching and vigilance against potential security threats.