Clipeus

Ivanti Endpoint Manager Vulnerability



On 4 January 2024, Ivanti released an advisory concerning a critical severity vulnerability tracked as CVE-2023-39336 (CVSS score estimated to be 9.6) impacting Endpoint Manager (EPM) 2022 SU4 and all prior versions.


The flaw allows an unauthenticated attacker with internal network access to leverage an unspecified SQL injection to execute arbitrary SQL queries and retrieve their output. Ramifications of the attack may include full takeover of the machines running the EPM agent. Additionally, when the core server is configured to use Microsoft SQL Express, this might lead to remote code execution on the core server.



If you are interested in specifics or additional insights on the threats above or any other threat, please visit our dedicated service page or reach out to info@clipeusintelligence.com with your inquiry. We would be glad to assist you.
