Ivanti Workspace Control Application Whitelist bypass via PowerGrid /SEE command line argument

["Securify B.V. via Fulldisclosure" <fulldisclosure () seclists org>]

------------------------------------------------------------------------
Ivanti Workspace Control Application Whitelist bypass via PowerGrid /SEE
command line argument
------------------------------------------------------------------------
Yorick Koster, August 2018

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was found that the PowerGrid application can be used to run arbitrary
commands via the /SEE command line option. An attacker can abuse this
issue to bypass Application Whitelisting in order to run arbitrary code
on the target machine.

------------------------------------------------------------------------
Tested versions
------------------------------------------------------------------------
This issue was successfully verified on Ivanti Workspace Control version
10.2.950.0.

------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
This issue is mitigated in Ivanti Workspace Control version 10.3.0.0.
The fix included in this version prevents the creation of XML files
within the WMTemp folder, effectively preventing this issue from being
exploited.

------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://www.securify.nl/advisory/SFY20180806/ivanti-workspace-control-application-whitelist-bypass-via-powergrid-_see-command-line-argument.html

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/