On January 4, 2024, Ivanti published a security advisory regarding a SQL injection vulnerability in their Endpoint Manager (EPM) solution, CVE-2023-39336. The vulnerability was assigned a CVSS score of 9.6, as an attacker with access to the internal network can exploit it to execute arbitrary SQL queries without authentication. The potential security implications include the attacker gaining control over machines running the EPM agent and, in some cases, remote code execution (RCE) on the core server.
At this time, Arctic Wolf has not observed active exploitation of this vulnerability in the wild, nor a proof of concept (PoC) exploit. Threat actors previously exploited another vulnerability in Ivanti EPM in 2023, and considering the historical targeting of various other Ivanti products by threat actors (as indicated by CISA’s Known Exploited Vulnerabilities catalog), we assess that threat actors may attempt to exploit CVE-2023-39336 in the near term.
Recommendation for CVE-2023-39336
Upgrade Ivanti EPM to Fixed Version
Arctic Wolf strongly recommends upgrading Ivanti EPM to the latest fixed version.
Product | Affected Version | Fixed Version |
Ivanti Endpoint Manager | EPM 2021 | EPM 2022 SU5 |
Ivanti Endpoint Manager | EPM 2022 SU4 and prior | EPM 2022 SU5 |
Please follow your organization’s patching and testing guidelines to avoid operational impact.