Ivanti Endpoint Manager Critical Vulnerability - 20240109001

Overview

Ivanti has released a security advisory relating to a critical vulnerability in their Ivanti Endpoint Manager product.

What is vulnerable?

Product(s) Affected	Summary	Severity	CVSS
Ivanti EPM 2021/EPM 2022 prior to SU5	If exploited, an attacker with access to the internal network can leverage an unspecified SQL injection to execute arbitrary SQL queries and retrieve output without the need for authentication. This can then allow the attacker control over machines running the EPM agent. This applies to all instances of MSSQL. Additionally when the core server is configured to use Microsoft SQL Express, this might lead to RCE on the core server.	Critical	9.6

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month... (refer Patch Management):

• https://forums.ivanti.com/s/article/SA-2023-12-19-CVE-2023-39336?language=en_US

Additional References

• Ivanti internal community article "CVE-2023-39336 Full Details": https://forums.ivanti.com/s/article/CVE-2023-39336-Full-details?ui-force-components-controllers-recordGlobalValueProvider.RecordGvp.getRecord=1