------------------------------------------------------------------------ Ivanti Workspace Control Application Whitelist bypass via PowerGrid /SEE command line argument ------------------------------------------------------------------------ Yorick Koster, August 2018 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ It was found that the PowerGrid application can be used to run arbitrary commands via the /SEE command line option. An attacker can abuse this issue to bypass Application Whitelisting in order to run arbitrary code on the target machine. ------------------------------------------------------------------------ Tested versions ------------------------------------------------------------------------ This issue was successfully verified on Ivanti Workspace Control version 10.2.950.0. ------------------------------------------------------------------------ Fix ------------------------------------------------------------------------ This issue is mitigated in Ivanti Workspace Control version 10.3.0.0. The fix included in this version prevents the creation of XML files within the WMTemp folder, effectively preventing this issue from being exploited. ------------------------------------------------------------------------ Details ------------------------------------------------------------------------ https://www.securify.nl/advisory/SFY20180806/ivanti-workspace-control-application-whitelist-bypass-via-powergrid-_see-command-line-argument.html
