
Tuesday 8 October 2024

IVANTI ENDPOINT MANAGER SECURITY VULNERABILITY INSIGHT

 





Ivanti Endpoint Manager (EPM) is an enterprise endpoint management solution that allows for centralized management of devices within an organization.

EPM aids in media protection, isolated device remote control, security diagnostics, flexible dashboards and reporting. It also detects and prevents threats before they impact you, and responds swiftly to infections.

EPM produces software for IT Security, IT Service Management, IT Asset Management, Unified Endpoint Management, Identity Management and supply chain management. Endpoint management is the process of controlling endpoint devices connected to a network.

VULNERABILITY DETAILS

An unspecified SQL Injection vulnerability in the Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

Using this vulnerability, the IIS Manager “EventHandler.cs” can be hosted on the “/WSStatusEvents” endpoint and the SQL Server log and access can be gained.

After successful exploitation, the entire network's assets and file listings would be compromised.
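
To check which hosts have been reaching the “/WSStatusEvents” endpoint named above, the following Python example summarises IIS W3C log lines per client and lists clients outside the subnets where managed agents are expected. It is an added example, not code from Ivanti or from the original post; the sample log lines, the `10.0.1.0/24` subnet, the function names and the use of 5xx responses as a triage hint are all assumptions.

```python
import ipaddress
from collections import defaultdict

ENDPOINT = "/wsstatusevents"  # endpoint named in the post; IIS paths are case-insensitive

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2024-10-08 09:00:01 POST /WSStatusEvents 10.0.1.20 200
2024-10-08 09:00:02 GET /other/page.aspx 10.0.9.77 200
2024-10-08 09:03:10 POST /wsstatusevents 10.0.9.77 500
2024-10-08 09:03:11 POST /WSStatusEvents 10.0.9.77 500
2024-10-08 09:03:12 POST /WSStatusEvents 10.0.9.77 200
"""

def endpoint_hits(log_text, expected_nets):
    """Per-client summary of requests to ENDPOINT: hits, 5xx errors, expected source."""
    nets = [ipaddress.ip_network(n) for n in expected_nets]
    fields = []
    clients = defaultdict(lambda: {"hits": 0, "errors": 0, "expected": False})
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if not row.get("cs-uri-stem", "").lower().startswith(ENDPOINT):
            continue
        try:
            addr = ipaddress.ip_address(row.get("c-ip", ""))
        except ValueError:
            continue  # skip rows without a parsable client address
        entry = clients[str(addr)]
        entry["hits"] += 1
        # 5xx responses are only a triage hint (assumption, not from the post).
        entry["errors"] += 1 if row.get("sc-status", "").startswith("5") else 0
        entry["expected"] = any(addr in net for net in nets)
    return dict(clients)

def unexpected_clients(log_text, expected_nets):
    """Clients that reached ENDPOINT from outside the expected subnets."""
    hits = endpoint_hits(log_text, expected_nets)
    return sorted(ip for ip, entry in hits.items() if not entry["expected"])

if __name__ == "__main__":
    # 10.0.1.0/24 stands in for the subnet where managed agents live (assumption).
    for ip in unexpected_clients(SAMPLE_LOG, ["10.0.1.0/24"]):
        print(ip, endpoint_hits(SAMPLE_LOG, ["10.0.1.0/24"])[ip])
```

A hit from an unexpected client is a lead for investigation on the Core server, not proof of exploitation.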

Products Affected:

• Ivanti Avalanche
• Ivanti Neurons for ITSM
• Ivanti Connect Secure
• Ivanti Secure Access
• Ivanti Endpoint Manager (EPM)

 

Hence, it is recommended that all DevOps and network teams apply the patch which Ivanti has released. It is also recommended to apply Life Cycle Management to all the installed software of the respective project teams and to review it on a regular basis.