.png)
Summary
On 10-Sep-2024 Ivanti released
a security advisory EPM September 2024 to address multiple vulnerabilities
affecting the Ivanti Endpoint Manager (EPM). The most severe of these
vulnerabilities, CVE-2024-29847, has a severity score of 10.0. If exploited,
this vulnerability could allow remote attackers to execute remote code through
the deserialisation of untrusted data. This vulnerability, along with multiple
SQL injection vulnerabilities, places endpoints managed by Ivanti EPM at a high
risk of compromise and could lead to a complete system takeover.
The Security advisory includes: -
· 2 High severity vulnerabilities
Ivanti Endpoint Manager is a comprehensive solution that
provides centralised control over various devices, offering robust tools for
managing and securing endpoints across an organisation’s network.
We strongly recommend that organisations running affected product
versions upgrade to the latest supported software versions as soon as possible.
What are the Vulnerabilities?
We are providing the CVE score and 3.x severity rating
assigned by the vendor at the time of disclosure
- CVE-2024-29847: CVSS 10.0 - CRITICAL - Deserialization of untrusted data in the agent portal of Ivanti EPM- A critical deserialisation of untrusted data vulnerability in the agent portal that could allow unauthenticated remote attackers to achieve remote code execution. which could be exploited remotely to execute arbitrary code without the need for authentication. This opens the door to a range of potential attacks, from data theft to ransomware deployment, and could result in significant disruptions to enterprise operations.
- CVE-2024-32840 to CVE-2024-34785: CVSS 9.1-CRITICAL- Unspecified SQL injection in Ivanti EPM - A series of SQL injection vulnerabilities that allow remote authenticated attackers with administrative privileges to execute arbitrary code. These vulnerabilities lead to the elimination of input validation mechanisms within the management console, giving attackers the ability to manipulate SQL queries and gain unauthorised access within the EPM environment.
- CVE-2024-8320: CVSS 5.3 and CVE-2024-8321: CVSS 5.8 – MEDIUM - Missing authentication vulnerabilities in the Network Isolation – A missing authentication vulnerabilities in the Network Isolation feature of Ivanti EPM. These vulnerabilities could allow a remote unauthenticated attacker to manipulate the network isolation status of managed devices, potentially disconnecting or spoofing the isolation of critical devices on the network.
- CVE-2024-8441: CVSS 6.7 – MEDIUM- Uncontrolled search path vulnerability in the EPM agent - Uncontrolled search path vulnerability in the EPM agent vulnerability, which allows local attackers with administrative privileges to escalate their permissions to the SYSTEM level, thereby gaining complete control over the local machine.
The complete list of CVEs is available here
What is Vulnerable?
·
Ivanti Endpoint Manager
o
Version 2024
o
Version 2022 SU5 and earlier
What has been Observed?
Ivanti strongly advises all customers to update their Ivanti
EPM installations to the latest versions to mitigate the risks.
Recommendations:
·
Review Security
Advisory EPM September 2024 for EPM 2024 and EPM 2022
·
Identify the vulnerable product versions within
your environment
o
Refer to How
to Install a Service Update on an Ivanti Endpoint Manager Core Server
o
If identified upgrade
to the updated versions
Post a Comment