SQL injection flaw affects all supported versions of Ivanti Endpoint Manager
Prajeet Nair (@prajeetspeaks) • January 7, 2024
Ivanti has issued an urgent alert to users of its endpoint security products to patch critical vulnerabilities that expose their systems to potential exploitation by unauthorized attackers.
In an advisory, the mobile endpoint security vendor warned customers about a SQL injection vulnerability, tracked as CVE-2023-39336, that is present in all supported versions of the widely used Ivanti Endpoint Manager, also known as Ivanti EPM.
This vulnerability allows an attacker to execute malicious code within an affected network without requiring authentication. The affected software is designed to run on a variety of platforms including Linux, Chrome OS, Windows, macOS, and even Internet of Things devices such as routers.
Ivanti EPM also helps automate and simplify the process of applying patches and updates to operating systems and applications across all endpoints. This is important for keeping software up to date and protected from known vulnerabilities.
The primary purpose of Ivanti EPM is to provide IT administrators with a centralized platform to efficiently manage and protect endpoints, including desktops, laptops, servers, and other devices.
In August, Ivanti disclosed a critical vulnerability that could allow an attacker to take full control of the Ivanti Sentry gateway server between mobile devices and the backend infrastructure (see: New zero-day bug affects all versions of Ivanti Sentry).
The vulnerability, tracked as CVE-2023-38035, has a severity score of 9.8 and could be exploited in conjunction with a previously published zero-day on Ivanti’s Endpoint Manager Mobile platform, said the Mnemonic researchers who reported the bug.
Vulnerabilities addressed
SQL injection vulnerabilities result from flawed code that interprets user input as database commands. In more technical terms, these vulnerabilities occur when data is concatenated with SQL code without being properly quoted according to SQL syntax standards, the advisory said.
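The concatenation flaw described above next to its parameterized fix, as an added example that is not taken from Ivanti's advisory or from EPM's code. The `devices` table, its rows and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory inventory table (constructed sample data, not EPM's schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE devices (hostname TEXT, owner TEXT)")
    db.executemany(
        "INSERT INTO devices VALUES (?, ?)",
        [("lab-01", "alice"), ("lab-02", "bob"), ("o'neil-laptop", "carol")],
    )
    return db

def lookup_concatenated(db, hostname):
    """Flawed pattern: input is pasted into the SQL text, so a quote in it becomes SQL syntax."""
    query = "SELECT hostname, owner FROM devices WHERE hostname = '" + hostname + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, hostname):
    """Fixed pattern: the driver binds the value separately, so it is never parsed as SQL."""
    return db.execute(
        "SELECT hostname, owner FROM devices WHERE hostname = ?", (hostname,)
    ).fetchall()

def compare(db, hostname):
    """Return (concatenated result or error name, parameterized result) for one input."""
    try:
        flawed = lookup_concatenated(db, hostname)
    except sqlite3.Error as exc:
        flawed = "error: " + type(exc).__name__
    return flawed, lookup_parameterized(db, hostname)

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a plain value, a legitimate value containing a quote,
    # and a value whose quote changes the WHERE clause when concatenated.
    for value in ["lab-01", "o'neil-laptop", "nope' OR '1'='1"]:
        flawed, fixed = compare(db, value)
        print(repr(value), "-> concatenated:", flawed, "| parameterized:", fixed)
```

The concatenated lookup fails on a legitimate hostname containing an apostrophe and returns every row for the third input, while the parameterized lookup treats both strings as plain data.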
“If exploited, an attacker with access to the internal network could leverage unspecified SQL injection to execute arbitrary SQL queries and retrieve the output without requiring authentication. An attacker could gain control of the machine running the EPM agent. This could lead to remote code execution on the core server if it is configured to use SQL Express,” the advisory states.
The vulnerability in the Ivanti product has been assigned a severity rating of 9.6 out of 10.
The company said such a high severity rating highlights the urgent need for users to immediately apply available patches to protect their systems and networks.
Failure to promptly address this critical vulnerability could have serious consequences, as an attacker could exploit this flaw to execute malicious code and compromise the security of an affected network, the company said.
Ivanti recommends that users prioritize installing the available patches to reduce the risks associated with this security vulnerability.
Attackers targeted other Ivanti software flaws about six months ago. On July 23, the company patched an extremely serious zero-day vulnerability in the Endpoint Manager Mobile platform, previously known as MobileIron Core, after an unknown attacker used it to attack more than a dozen government ministries in Norway (see: Ivanti Zero-Day used in Norwegian government breach).
The company has since released a second emergency patch (see: Ivanti announces second zero-day used in Norwegian government breach).
Government security agencies in Australia and Germany advised users to update their vulnerable Sentry products.