CVE-2023-39336: 
Ivanti Endpoint Manager vulnerability analysis and mitigation

An unspecified SQL Injection vulnerability (CVE-2023-39336) was discovered in Ivanti Endpoint Manager (EPM) affecting versions 2021 and 2022 prior to SU5. The vulnerability was disclosed on January 4, 2024, and received a critical CVSS score of 9.6. This vulnerability allows an attacker with access to the internal network to execute arbitrary SQL queries without requiring authentication (Arctic Wolf, Hacker News).

The vulnerability is classified as an SQL injection (CWE-89) that enables attackers to execute arbitrary SQL queries and retrieve output without authentication requirements. When the core server is configured to use SQL Express, this vulnerability can potentially lead to Remote Code Execution (RCE) on the core server. The vulnerability received a CVSS v3.1 base score of 8.8 (HIGH) from NIST and 9.6 (CRITICAL) from HackerOne (NVD).

The successful exploitation of this vulnerability could allow attackers to gain control over machines running the EPM agent and potentially achieve remote code execution on the core server. The vulnerability poses a significant risk as it requires no authentication and can be exploited by anyone with access to the internal network (SOCRadar).

Ivanti has released a patch to address this vulnerability in EPM 2022 SU5. Organizations are strongly recommended to upgrade their Ivanti EPM installations to the latest fixed version. The affected versions include EPM 2021 and EPM 2022 SU4 and prior versions (Arctic Wolf).