Ivanti warns of critical vulnerability in its popular line of endpoint protection software

Ivanti warns of critical vulnerability in its popular line of endpoint protection software

9 months ago
Anonymous $6hYC3Wwiad

https://arstechnica.com/security/2024/01/ivanti-warns-of-critical-vulnerability-in-its-popular-line-of-endpoint-protection-software/

Software maker Ivanti is urging users of its end-point security product to patch a critical vulnerability that makes it possible for unauthenticated attackers to execute malicious code inside affected networks.

The vulnerability, in a class known as a SQL injection, resides in all supported versions of the Ivanti Endpoint Manager. Also known as the Ivanti EPM, the software runs on a variety of platforms, including Windows, macOS, Linux, Chrome OS, and Internet of Things devices such as routers. SQL injection vulnerabilities stem from faulty code that interprets user input as database commands or, in more technical terms, from concatenating data with SQL code without quoting the data in accordance with the SQL syntax. CVE-2023-39336, as the Ivanti vulnerability is tracked, carries a severity rating of 9.6 out of a possible 10.

Ivanti warns of critical vulnerability in its popular line of endpoint protection software

Fri Jan 5, 11:26pm UTC
https://arstechnica.com/security/2024/01/ivanti-warns-of-critical-vulnerability-in-its-popular-line-of-endpoint-protection-software/ > Software maker Ivanti is urging users of its end-point security product to patch a critical vulnerability that makes it possible for unauthenticated attackers to execute malicious code inside affected networks. > The vulnerability, in a class known as a SQL injection, resides in all supported versions of the Ivanti Endpoint Manager. Also known as the Ivanti EPM, the software runs on a variety of platforms, including Windows, macOS, Linux, Chrome OS, and Internet of Things devices such as routers. SQL injection vulnerabilities stem from faulty code that interprets user input as database commands or, in more technical terms, from concatenating data with SQL code without quoting the data in accordance with the SQL syntax. CVE-2023-39336, as the Ivanti vulnerability is tracked, carries a severity rating of 9.6 out of a possible 10.