CVE-2023-39336: SQL Injection Vulnerability in Ivanti Endpoint Manager


On January 4, 2024, Ivanti published a security advisory regarding a SQL injection vulnerability in its Endpoint Manager (EPM) solution, CVE-2023-39336. The vulnerability was rated with a CVSS score of 9.6, as an attacker with access to the internal network can exploit it to execute arbitrary SQL queries without authentication. The potential security implications include the attacker gaining control over machines running the EPM agent and, in some cases, remote code execution (RCE) on the core server.

At this time, Arctic Wolf has not observed active exploitation of this vulnerability in the wild or a proof of concept (PoC) exploit. Threat actors previously exploited another vulnerability in Ivanti EPM in 2023, and considering the historical targeting of various other Ivanti products by threat actors (as indicated by CISA’s Known Exploited Vulnerabilities catalog), we assess that threat actors may attempt to exploit CVE-2023-39336 in the near term.

Recommendation for CVE-2023-39336

Upgrade Ivanti EPM to Fixed Version  

Arctic Wolf strongly recommends upgrading Ivanti EPM to the latest fixed version. 

Product                 | Affected Version                  | Fixed Version
Ivanti Endpoint Manager | EPM 2021; EPM 2022 SU4 and prior  | EPM 2022 SU5

 

Please follow your organization’s patching and testing guidelines to avoid operational impact. 

References 

  1. Ivanti Security Advisory
  2. CVE-2023-35081  

Andres Ramos

Andres Ramos is a Threat Intelligence Researcher at Arctic Wolf with a strong background in tracking emerging threats and producing actionable intelligence for both technical and non-technical stakeholders. He has a diverse background encompassing various domains of cyber security and holds a bachelor’s degree in Cybersecurity Engineering.