Main Vulnerability Database Exploits ID:9552 - Exploit for Embedded malicious code (backdoor) in Endpoint Manager - CVE-2021-44529

ID:9552 - Exploit for Embedded malicious code (backdoor) in Endpoint Manager - CVE-2021-44529

Published: February 19, 2024

Vulnerability identifier: #VU86573

Vulnerability risk: Critical

CVE-ID: CVE-2021-44529

CWE-ID: CWE-506

Exploitation vector: Remote access

Vulnerable software:
Endpoint Manager

Link to public exploit:

https://www.rapid7.com/db/modules/exploit/linux/http/ivanti_csa_unauth_rce_cve_2021_44529

Vulnerability description

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to presence of embedded malicious functionality in the application code (aka backdoor) within the "/opt/landesk/broker/webroot/lib/csrf-magic.php" file. A remote non-authenticated attacker can set specially crafted cookies and gain unauthorized access to the application.

Note, the vulnerability patched in 2021 by Ivanti is considered a backdoor.

Remediation

Install updates from vendor's website.

ID:9552 - Exploit for Embedded malicious code (backdoor) in Endpoint Manager - CVE-2021-44529

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human