2 min Security

Critical vulnerability in EPM software Ivanti lets hackers take over core server

Critical vulnerability in EPM software Ivanti lets hackers take over core server

Ivanti’s Endpoint Management (EPM) software contains a critical vulnerability that allows hackers to hijack even the core server. This is not the first time Ivanti has been hit by a vulnerability in its software during the period of one year.

Ivanti continues to find vulnerabilities in its software. Recently, the enterprise service management specialist indicated that a critical vulnerability was discovered in its Endpoint Management (EPM) software.

More specifically, a remote code execution (RCE) vulnerability in the EPM software allows small-scale attacks to be carried out. This does not require privileges, end-user interaction or any form of authentication. Hackers do need access to the organization’s internal network.

Through an SQL injection, hackers can execute various SQL queries after the intrusion and obtain the results. With these results, they can then take over the devices running the EPM agent. It is a bigger problem if the core server is configured so that it uses SQL as default. Hackers can then also take control of this server and run arbitrary code remotely.

The EPM software in question helps companies manage devices running on multiple platforms, including Windows, macOS, Chrome OS and various IoT operating systems.

Update available; details not

Ivanti has since patched the critical vulnerability but has not yet provided full details. With this move, it would like to ensure that customers have first provided their software with the update before more insight is provided. This is so as not to make hackers smarter than they already are. In addition, the vulnerability would not have caused any problems yet.

Plenty of vulnerabilities in 2023

Things are not going well for Ivanti when it comes to vulnerabilities in its software. In late December 2023, the company was hit by a vulnerability in its Avalanche MDM solution. Earlier in 2023, it noticed a heavily exploited vulnerability in its Endpoint Manager Mobile (EPMM) solution. This leak was found to have been active since April that year. This was followed in the month of August 2023 by a leak in the Ivanti Sentry gateway.

Also read: Ivanti fixes 14 critical vulnerabilities in Avalanche MDM solution