CVE-2021-44529

Endpoint Manager Cloud Service Appliance (EPM CSA) vulnerability analysis and mitigation — CRITICAL (CVSS 9.8)

High Profile Threat

Overview

Ivanti EPM Cloud Services Appliance (CSA) contains a code injection vulnerability that allows unauthenticated users to execute arbitrary code with limited permissions (nobody user). The vulnerability exists in versions before 4.6.0-512 and requires no authentication to exploit. It was disclosed on December 8, 2021. CISA lists CVE-2021-44529 as known to be exploited, including in ransomware campaigns.

Technical details

The Ivanti EPM Cloud Services Appliance contains a code injection vulnerability in its web interface that allows unauthenticated attackers to execute arbitrary code. The vulnerability stems from improper input validation and sanitization of user-supplied data that gets processed by the application without proper security checks.

The vulnerability is classified as CWE-94 (Improper Control of Generation of Code ('Code Injection')) and CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')).

The vulnerability has received a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating its critical nature.

Impact

Attackers can execute arbitrary code on the affected system with limited permissions (nobody user). While the code execution context is restricted, attackers can still potentially read sensitive data, modify system configuration, launch further attacks, or disrupt service availability. This is a critical vulnerability as it allows unauthenticated remote code execution on a network-accessible appliance.

Mitigation and workarounds

Upgrade Ivanti EPM Cloud Services Appliance to version 4.6.0-512 or later; 4.6.0-512 is the first release that includes the fix. Contact Ivanti support for upgrade assistance and detailed instructions specific to your deployment.

Temporary workarounds until the upgrade can be applied:

- Implement network-level access controls so that the Ivanti EPM CSA web interface is reachable only from trusted networks/IP addresses; use a web application firewall (WAF) or network firewall to limit inbound traffic.
- Disable unnecessary network services and endpoints on the appliance if they are not required for your deployment.
- Monitor system logs and network traffic for suspicious patterns indicative of code injection attempts.

CISA's recommendation: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
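An added triage helper (not Ivanti's or CISA's tooling) that applies the version threshold and network-exposure guidance above to an appliance inventory. The "major.minor.patch-build" version format, the Appliance fields and the sample hostnames are assumptions; the inventory is constructed data.

```python
import re
from typing import NamedTuple, Optional, Tuple

# First fixed build per the advisory: anything earlier is affected.
FIXED_VERSION = (4, 6, 0, 512)
# Assumed version format "major.minor.patch-build", e.g. "4.6.0-512".
_VER_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(\d+))?$")


def parse_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Parse 'a.b.c-build' into a comparable tuple. A missing build number is
    treated as 0 (older than any numbered build) so it is triaged conservatively."""
    m = _VER_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch, build = m.groups()
    return (int(major), int(minor), int(patch), int(build or 0))


def is_vulnerable(version: str) -> bool:
    """True for any build before 4.6.0-512; unparseable strings are also flagged."""
    parsed = parse_version(version)
    return parsed is None or parsed < FIXED_VERSION


class Appliance(NamedTuple):
    host: str
    version: str
    internet_exposed: bool  # web interface reachable from untrusted networks


def triage(inventory):
    """Vulnerable appliances, highest risk first: exposed before internal-only,
    then oldest version first."""
    hits = [a for a in inventory if is_vulnerable(a.version)]
    return sorted(hits, key=lambda a: (not a.internet_exposed,
                                       parse_version(a.version) or (0, 0, 0, 0)))

# Constructed sample inventory (hostnames and versions are not real).
SAMPLE = [
    Appliance("csa-dmz-01", "4.5.0-480", True),
    Appliance("csa-lab-02", "4.6.0-511", False),
    Appliance("csa-hq-03", "4.6.0-512", True),
    Appliance("csa-old-04", "4.6.0", False),
    Appliance("csa-new-05", "4.7.1-102", True),
]

if __name__ == "__main__":
    for a in triage(SAMPLE):
        print(f"{a.host}: {a.version} (exposed={a.internet_exposed}) needs upgrade")
```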

Additional resources

Source: This report was generated using AI

Related Ivanti Vulnerabilities

No related vulnerabilities found with identified affected products.