Governance & Risk Management , Patch Management , Security Operations
Security Researchers Expose Critical Flaw in Ivanti Software
Ivanti Faces Another SQL Injection Flaw in Popular Endpoint Manager ProductSecurity researchers discovered a critical flaw in Ivanti Endpoint Manager that allows hackers to take control of vulnerable systems remotely and steal sensitive data, spread malware and disrupt operations.
See Also: An All-in-One Vulnerability Management, Detection, and Response Solution
Ivanti first heard about the issue in early April after an independent researcher discovered an SQL injection flaw in the company's centralized endpoint management solution. A Wednesday blog post published by Horizon3.ai details a proof-of-concept exploit that can trigger the flaw and allow a hacker to perform a remote attack on multiple vulnerable devices across an enterprise.
Ivanti first released an advisory about the flaw May 24, saying that the exploit has a common vulnerability scoring system of 9.8 and warning that remote attackers can use the vulnerability "to execute arbitrary code on affected installations of Ivanti Endpoint Manager."
"Authentication is not required to exploit this vulnerability," Ivanti said, adding that the flaw exists within the implementation of the RecordGoodApp method.
Ivanti has suffered from a series of high-profile breaches and security flaws in recent months. In January, the company issued an alert warning customers of a separate SQL injection vulnerability in its widely used endpoint manager, also known as Ivanti EPM.
The U.S. Cybersecurity and Infrastructure Agency earlier this year gave federal agencies a February deadline to perform factory resets on Ivanti devices amid a wave of cyberattacks targeting the Utah manufacturer's products. Hackers later breached multiple CISA systems that the agency "immediately took offline" after discovering the affected Ivanti VPN devices.
CISA in February "identified activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses," a spokesperson said. "We continue to upgrade and modernize our systems, and there is no operational impact at this time" (see: Hackers Compromised Ivanti Devices Used by CISA).