Ivanti [1-9], a renowned IT asset and systems management company [5], has recently addressed a critical remote code execution (RCE) vulnerability in its Endpoint Management Software (EPM) [6]. This vulnerability, tracked as CVE-2023-39366 [1] [5] [6], could allow unauthenticated attackers to gain control over devices enrolled in the EPM, or over the core server itself [6].

Description

The vulnerability affected all supported versions of Ivanti EPM and has been resolved in the 2022 Service Update 5 [6]. Attackers with access to a target's internal network could exploit it through low-complexity attacks that require neither privileges nor user interaction [6]. However, Ivanti has not found any evidence of customers being impacted by this vulnerability [6]. To protect customers, Ivanti has restricted public access to its detailed advisory on CVE-2023-39366, giving customers time to secure their devices before exploits are developed [6].

In addition to this vulnerability, Ivanti has also addressed 21 security flaws in its Avalanche enterprise mobile device management (MDM) solution [4]. These include 13 critical buffer overflows [4]. Organizations using Avalanche MDM are advised to review the Ivanti Security Advisory and apply relevant updates.

It is worth noting that state-backed actors have previously targeted Ivanti Endpoint Manager Mobile (EPMM) with zero-day flaws to infiltrate Norwegian government networks [4]. Furthermore, in August 2023 [4], a critical vulnerability in Ivanti Sentry (CVE-2023-38035) was actively exploited as a zero-day [4].

Conclusion

The resolution of these vulnerabilities by Ivanti is crucial for the security of their clients’ systems. While no evidence of customer impact has been found, it is important for all Ivanti Endpoint Manager users to install the patch as soon as possible to mitigate any potential risks. Additionally, the previous targeting of Ivanti products by state-backed actors highlights the ongoing need for vigilance and proactive security measures in the face of evolving threats.

References

[1] https://www.scmagazine.com/news/ivanti-patches-critical-flaw-in-its-epm-software
[2] https://www.ivanti.com/blog/security-update-for-ivanti-epm
[3] https://owasp.or.id/2024/01/05/ivanti-releases-patch-for-critical-vulnerability-in-endpoint-manager-solution/
[4] https://thehackernews.com/2024/01/alert-ivanti-releases-patch-for.html
[5] https://securityonline.info/cve-2023-39336-ivanti-addresses-major-rce-vulnerability/
[6] https://vulnera.com/newswire/critical-remote-code-execution-vulnerability-in-ivantis-endpoint-management-software/
[7] https://arstechnica.com/security/2024/01/ivanti-warns-of-critical-vulnerability-in-its-popular-line-of-endpoint-protection-software/
[8] https://digital.nhs.uk/cyber-alerts/2024/cc-4428
[9] https://www.techradar.com/pro/security/ivanti-fixes-critical-security-flaw-that-could-let-hackers-hijack-work-devices-so-patch-now