CVE-2023-39336
Published 2024-01-09
Priority P2 · 62 · high · CVSS 3.1: 8.8
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 9.97% (95.0th percentile)
An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RCE on the core server.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | endpoint_manager | < 2022 | 2022 |
| ivanti | endpoint_manager | — | — |
Detection & IOCs (extracted from sources)
- Exploit targets Ivanti EPM via unauthenticated SQL injection over the internal network: monitor for anomalous SQL query traffic or unexpected database output from EPM core server processes.
- When the core server is configured to use SQL Express, successful exploitation may result in RCE on the core server: monitor for unexpected process spawning from the Ivanti EPM core server process, especially under SQL Express configurations.
- Exploitation can lead to attacker control over machines running the EPM agent: monitor for unexpected lateral movement or configuration changes pushed to EPM-enrolled endpoints following core server compromise.
- Vulnerability is exploitable in low-complexity attacks requiring no privileges or user interaction from an internal network position: prioritize detection of unauthenticated internal requests to EPM services.
- RCE on the core server only occurs under the specific condition that the core server is configured to use SQL Express; standard SQL Server configurations may not be directly vulnerable to RCE.
CVSS provenance
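| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 9.6 | CRITICAL | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |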
GHSA
GHSA-mjhm-77r9-jwp4
ghsa_unreviewed·2024-01-09
CVE-2023-39336 [CRITICAL] CWE-89
Ivanti
Ivanti Security Advisory: CVE-2023-39336
vendor_ivanti·2024-01-09·CVSS 8.8
CVE IDs: CVE-2023-39336
CVSS Base Score: 8.8
Severity: HIGH
CWEs: CWE-89
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Ivanti fixes maximum severity RCE bug in Endpoint Management software
blogs_bleepingcomputer·2024-09-10·CVSS 8.8
CVE-2024-29847 [HIGH]
## Ivanti fixes maximum severity RCE bug in Endpoint Management software
By Sergiu Gatlan
Ivanti has fixed a maximum severity vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers gain remote code execution on the core server.
Ivanti EPM helps admins manage client devices that run various platforms, including Windows, macOS, Chrome OS, and IoT operating systems.
The security flaw (CVE-2024-29847) is caused by a deserialization of untrusted data weakness in the agent portal that has been addressed in Ivanti EPM 2024 hot patches and Ivanti EPM 2022 Service Update 6 (SU6).
"Successful exploitation could lead to unauthorized access to the EPM core server," the company said in an advisory published today.
For the moment, Ivanti added that they're "
Bleepingcomputer
Ivanti warns of Connect Secure zero-days exploited in attacks
blogs_bleepingcomputer·2024-01-10·CVSS 8.2
CVE-2023-46805 [HIGH]
## Ivanti warns of Connect Secure zero-days exploited in attacks
By Sergiu Gatlan
Ivanti has disclosed two Connect Secure (ICS) and Policy Secure (IPS) zero-days exploited by suspected Chinese hackers in the wild that can let remote attackers execute arbitrary commands on targeted gateways.
The first security flaw (CVE-2023-46805) is an authentication bypass in the appliances' web component, enabling attackers to access restricted resources by circumventing control checks, while the second (tracked as CVE-2024-21887) is a command injection vulnerability that lets authenticated admins execute arbitrary commands on vulnerable appliances by sending specially crafted requests.
When successfully chaining the two zero days, threat actors can run arbitrary commands on all supported versions o
Checkpoint
8th January – Threat Intelligence Report
blogs_checkpoint·2024-01-08
CVE-2023-39336
## 8th January – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 1st January, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
After ransomware gang INC claimed an attack on Xerox, the company’s subsidiary, Xerox Business Solution (XBS), confirmed having suffered a cyber-attack. Xerox spokesperson said that although personal data from XBS may have been compromised, the attack was contained and did not affect any Xerox corporate systems, data or ope
Bleepingcomputer
Ivanti warns critical EPM bug lets hackers hijack enrolled devices
blogs_bleepingcomputer·2024-01-04·CVSS 9.8
CVE-2023-39336 [CRITICAL]
## Ivanti warns critical EPM bug lets hackers hijack enrolled devices
By Sergiu Gatlan
Ivanti fixed a critical remote code execution (RCE) vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers hijack enrolled devices or the core server.
Ivanti EPM helps manage client devices running a wide range of platforms, from Windows and macOS to Chrome OS and IoT operating systems.
The security flaw (tracked as CVE-2023-39336) impacts all supported Ivanti EPM versions, and it has been resolved in version 2022 Service Update 5.
Attackers with access to a target's internal network can exploit the vulnerability in low-complexity attacks that don't require privileges or user interaction.
"If exploited, an attacker with access to the internal network can lev
Published: 2024-01-09