This entry was added only on 19.2.2024. The vulnerability was addressed by the vendor on 02.12.2021, however it was not disclosued as a backdoor or a zero-day.
Vulnerability details
Advisory: SB2021120828 - Code injection in Ivanti Endpoint Manager
Vulnerable component: Endpoint Manager
CVE-ID: CVE-2021-44529
CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C
CWE-ID: CWE-506 - Embedded Malicious Code
Description:
The vulnerability allows a remote attacker to gain unauthorized access to the application.
The vulnerability exists due to presence of embedded malicious functionality in the application code (aka backdoor) within the "/opt/landesk/broker/webroot/lib/csrf-magic.php" file. A remote non-authenticated attacker can set specially crafted cookies and gain unauthorized access to the application.
Note, the vulnerability patched in 2021 by Ivanti is considered a backdoor.
Public Exploits:
- Ivanti Endpoint Manager 4.6 - Remote Code Execution (RCE) [Exploit-DB]