
Security Researchers Expose Critical Flaw in Ivanti Software

Ivanti Faces Another SQL Injection Flaw in Popular Endpoint Manager Product
Security researchers published a proof of concept exploiting a vulnerability in Ivanti Endpoint Manager. (Image: Shutterstock)

Security researchers discovered a critical flaw in Ivanti Endpoint Manager that allows hackers to take control of vulnerable systems remotely and steal sensitive data, spread malware and disrupt operations.


Ivanti first heard about the issue in early April after an independent researcher discovered an SQL injection flaw in the company's centralized endpoint management solution. A Wednesday blog post published by Horizon3.ai details a proof-of-concept exploit that can trigger the flaw and allow a hacker to perform a remote attack on multiple vulnerable devices across an enterprise.

Ivanti first released an advisory about the flaw May 24, saying that the vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.8 and warning that remote attackers can use the vulnerability "to execute arbitrary code on affected installations of Ivanti Endpoint Manager."

"Authentication is not required to exploit this vulnerability," Ivanti said, adding that the flaw exists within the implementation of the RecordGoodApp method.

Ivanti has suffered from a series of high-profile breaches and security flaws in recent months. In January, the company issued an alert warning customers of a separate SQL injection vulnerability in its widely used endpoint manager, also known as Ivanti EPM.

The U.S. Cybersecurity and Infrastructure Security Agency earlier this year gave federal agencies a February deadline to perform factory resets on Ivanti devices amid a wave of cyberattacks targeting the Utah manufacturer's products. Hackers later breached multiple CISA systems that the agency "immediately took offline" after discovering the affected Ivanti VPN devices.

CISA in February "identified activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses," a spokesperson said. "We continue to upgrade and modernize our systems, and there is no operational impact at this time" (see: Hackers Compromised Ivanti Devices Used by CISA).


About the Author

Chris Riotta


Managing Editor, GovInfoSecurity

Riotta is a journalist based in Washington, D.C. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president. His reporting has appeared in NBC News, Nextgov/FCW, Newsweek Magazine, The Independent and more.



