TechRadar
Sead Fadilpašić

Ivanti fixes critical security flaw that could let hackers hijack work devices, so patch now


Ivanti has addressed a critical vulnerability in one of its products that could have allowed threat actors to drop all kinds of malware on vulnerable endpoints.

As per an advisory released by the company earlier this week, the flaw is a remote code execution (RCE) vulnerability found in its Endpoint Management Software (EPM), BleepingComputer reported.

By abusing the flaw, threat actors could hijack enrolled devices or even the core server. The vulnerability is now tracked as CVE-2023-39336, and affects all supported EPM versions. If your organization is using the software, make sure to update it to version 2022 Service Update 5. 

No evidence of abuse

To abuse the flaw, attackers need neither special privileges nor user interaction. The only thing they need is access to the target’s internal network. "If exploited, an attacker with access to the internal network can leverage an unspecified SQL injection to execute arbitrary SQL queries and retrieve output without the need for authentication," Ivanti says. "This can then allow the attacker control over machines running the EPM agent. When the core server is configured to use SQL express, this might lead to RCE on the core server."

The good news is that Ivanti was proactive about the flaw. There is no evidence of hackers abusing it in the wild, or of client complaints about hacking attempts. Further details about the flaw described in the advisory are currently unavailable, likely to give most customers a chance to apply the patch before other threat actors learn about the hole.

Ivanti’s EPM is a unified platform designed to help businesses manage user profiles and client devices. It supports Windows, macOS, Linux, Chrome OS, and different IoT platforms. It also comes with Day Zero support, promising swift management without loss of functionality or downtime.

The company counts more than 40,000 clients around the world.
