CVE-2023-28324: 
Ivanti Endpoint Manager vulnerability analysis and mitigation

A critical improper input validation vulnerability (CVE-2023-28324) exists in Ivanti Endpoint Manager (EPM) 2022 and below. The vulnerability was disclosed on June 7th, 2023, affecting the AgentPortal service component. This vulnerability has received a CVSS v3.1 base score of 9.8 (CRITICAL), indicating its severe nature (NVD).

The vulnerability exists in the AgentPortal.exe service, which is a .NET binary located at C:\Program Files\LanDesk\ManagementSuite\AgentPortal.exe. The service creates a .NET Remoting interface that allows for remote code execution through improper input validation. The vulnerability specifically exists in the ProcessRunProgramAction handler, which provides an attacker with the ability to execute arbitrary programs (Horizon3).

The vulnerability allows an attacker to achieve remote code execution (RCE) with SYSTEM privileges on affected systems. This level of access enables complete system compromise, allowing attackers to execute arbitrary commands with the highest privileges (NVD).

The vulnerability has been patched in EPM 2021.1 SU4 and EPM 2022 SU2. The fix restricts the programs that can be executed through ProcessRunProgramAction to only ping.exe and tracert.exe. Organizations are strongly advised to update to these patched versions (Horizon3).