Ivanti fixes critical security flaw that could let hackers hijack work devices, so patch now

News
By Sead Fadilpašić
published

An RCE flaw was found in Ivanti's Endpoint Management software

A digital padlock on a blue digital background.
(Image credit: Shutterstock / vs148)

Ivanti has addressed a critical vulnerability in one of its products which could have allowed threat actors to drop all kinds of malware on flawed endpoints. 

As per an advisory released by the company earlier this week, the flaw is a remote code execution (RCE) vulnerability found in its Endpoint Management Software (EPM), BleepingComputer reported.

By abusing the flaw, threat actors could hijack enrolled devices or even the core server. The vulnerability is now tracked as CVE-2023-39336, and affects all supported EPM versions. If your organization is using the software, make sure to update it to version 2022 Service Update 5. 

No evidence of abuse

To abuse the flaw, the attackers don’t require special privileges, or even user interaction. The only thing they need is access to the target’s internal network. "If exploited, an attacker with access to the internal network can leverage an unspecified SQL injection to execute arbitrary SQL queries and retrieve output without the need for authentication," Ivanti says. "This can then allow the attacker control over machines running the EPM agent. When the core server is configured to use SQL express, this might lead to RCE on the core server."

The good news is that Ivanti was proactive about the flaw. There is no evidence of hackers abusing it in the wild, or client complaints of hacking attempts. Further details about the flaw, found in the advisory, are currently unavailable, likely to give most customers a chance to apply the patch before other threat actors learn about the hole.

Ivanti’s EPM is a unified platform designed to help businesses manage user profiles and client devices. It supports Windows, macOS, Linux, Chrome OS, and different IoT platforms. It also comes with Day Zero support, promising swift management without loss of functionality, or downtime.

The company counts more than 40,000 clients around the world.

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.