Latest Articles
Advisory CVE-2020-13773 - Ivanti Unified Endpoint Manager Reflected XSS
Software: Ivanti Endpoint Manager
Affected Versions: <= 2020.1.1
Vendor page: www.ivanti.com
CVE Reference: CVE-2020-13773
Published: 13/11/2020
CVSS 3.1 Score: 5.5 - AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Attack Vector: Remote, authenticated
Credits: Andrei Constantin Scutariu, Lenk Ratchakrit, Calvin Yau

Summary
Various web pages on the Ivanti Unified Endpoint Manager web management console lack proper input validation on parameters passed in HTTP requests, leaving the application vulnerable to client-side attacks. An attacker able to cause the victim to open a malicious URL would obtain JavaScript code execution in the victim's browser and potentially be able to obtain sensitive information and execute actions on their behalf.
November 13, 2020, Andrei Constantin Scutariu
Detecting known DLL hijacking and named pipe token impersonation attacks with Sysmon
Background
Recently we posted a bunch of advisories relating to Ivanti Unified Endpoint Manager, a couple of which are for vulnerabilities that can be used to achieve local privilege escalation. At JUMPSEC, whenever we find a new vulnerability, we like to challenge ourselves to write rules to detect it being exploited. We learn a lot doing this; it's kind of fun tweaking the exploit to try and evade detection, and it really challenges us to write good detection rulesets.
November 13, 2020, Andrei Constantin Scutariu
Advisory CVE-2020-13774 - Ivanti Unified Endpoint Manager authenticated RCE via file upload
Software: Ivanti Endpoint Manager
Affected Versions: <= 2020.1; <= 2019.1.3
Vendor page: www.ivanti.com
CVE Reference: CVE-2020-13774
Published: 12/11/2020
CVSS 3.1 Score: 9.9 - AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector: Remote, authenticated
Credits: Andrei Constantin Scutariu, Lenk Ratchakrit, Calvin Yau

Summary
Improper validation in the file upload functionality of Ivanti Unified Endpoint Manager's web management console permits an authenticated user to upload .aspx files and execute them in the MS IIS server's context. The issue is caused by insufficient file extension validation and insecure file operations on the uploaded image, which upon failure will leave the temporarily created files in an accessible location on the server.
November 12, 2020, Andrei Constantin Scutariu