IVANTI ENDPOINT MANAGER SECURITY VULNERABILITY INSIGHT

Ivanti Endpoint Manager (EPM) is an enterprise endpoint management solution that allows for centralized management of devices within an organization.

EPM aids in media protection, isolated device remote control, security diagnostics, flexible dashboards and reporting. It also detect and prevent threats before they impact you, and respond swiftly to infections.

EPM, produces software for IT Security, IT Service Management, IT Asset Management, Unified Endpoint Management, Identity Management and supply chain management. Endpoint management is the process of controlling endpoint devices connected to a network.

VULNERABILITY DETAILS

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

Using this vulnerability, the IIS Manager “EventHandler.cs” can be hosted on the “/WSStatusEvents” endpoint and the SQL Server log and access can be gained.

After successful exploitation, entire network assets, file listing would be compromised.

Products Affected:

§  Ivanti Avalanche 

§  Ivanti Neurons for ITSM 

§  Ivanti Connect Secure

§  Ivanti Secure Access 

§  Ivanti Endpoint Manager (EPM) 

 

Hence, it is recommended, to apply the patch which Ivanti has released, for all the DevOps and Network Teams. It is also recommended to apply Life Cycle Management on all the installed software’s of the respective project teams to review on regular basis.