Software: Ivanti Endpoint Manager
Affected Versions: <= 2020.1.1
Vendor page: www.ivanti.com
CVE Reference: CVE-2020-13772
Published: 13/11/2020
CVSS 3.1 Score: 5.3 – AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector: Remote, unauthenticated
Credits: Andrei Constantin Scutariu, Lenk Ratchakrit, Calvin Yau
Summary
Ivanti Unified Endpoint Manager’s “ldcient” component expose information about the system that could be used in further attacks against the system.
Mitigation
There is currently no fix for this issue. The vendor has yet to release a patch to address the vulnerability; it is advised to review the host configuration and monitor for suspicious activity. If possible, consider disabling or whitelisting access to the affected URLs.
Technical details
The following endpoint expose information about the system, such as environment variables, domain name, internal paths and CPU information:
- /ldclient/ldprov.cgi, HTTP 9595
- /ldclient/ldprov.cgi, HTTPS 9594
- /ldclient/ldprov.cgi, HTTPS 9593
Timeline
15/04/2020: Issue reported to the vendor
16/04/2020: Vendor acknowledged the issues
02/06/2020: CVE number assigned from MITRE
13/07/2020: 90 days notice period for disclosure given to the vendor
13/11/2020: Advisory published by JUMPSEC