Ivanti Releases September 2024 Updates for EPM

Updates address ten critical vulnerabilities which if exploited could lead to remote code execution

Threat ID:: CC-4547
Threat Severity:: Medium
Published:: 11 September 2024 12:43 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Updates address ten critical vulnerabilities which if exploited could lead to remote code execution

Affected platforms

The following platforms are known to be affected:

Versions: 2024, 2022 SU5 and earlier

Ivanti Endpoint Manager

Threat details

Public proof-of-concept exploit for CVE-2024-29847

A proof-of-concept (POC) exploit for CVE-2024-29847 is publicly available. Exploitation of this vulnerability is more likely.

Introduction

Ivanti has released September 2024 security updates addressing sixteen vulnerabilities, including ten rated as critical affecting Endpoint Manager (EPM). Ivanti EPM is an all-in-one solution for managing devices endpoints within a network.

The vulnerability CVE-2024-29847 has a CVSSv3 score of 10.0 and could allow an unauthenticated, remote attacker to achieve remote code execution (RCE) via deserialization of untrusted data in the agent portal.

Nine further vulnerabilities have a CVSSv3 score of 9.1 and could allow a remote, authenticated attacker with admin privileges to achieve remote code execution via unspecified SQL injection.

The updates also address two high severity and four medium severity vulnerabilities.

Threat updates

Date	Update
16 Sep 2024	Public proof-of-concept exploit released for CVE-2024-29847

Remediation advice

Affected organisations are encouraged to review Security Advisory EPM September 2024 for EPM 2024 and EPM 2022 and apply any relevant security updates.

Definitive source of threat updates

https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US&_gl=1*1qsmbvz*_gcl_au*MjAxODEyMTExNC4xNzIzNTUxNzk1

CVE Vulnerabilities

Status Reserved

CVE-2024-37397

Status Published

CVE-2024-8191

SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.

CVE-2024-32840

CVE-2024-32842

CVE-2024-32843

CVE-2024-32845

CVE-2024-32846

CVE-2024-32848

CVE-2024-34779

CVE-2024-34783

CVE-2024-34785

CVE-2024-8320

Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices.

Status Published

CVE-2024-8321

Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network.

Status Published

CVE-2024-8322

Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality.

Status Published

CVE-2024-29847

Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.

Status Published

CVE-2024-8441

An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.

Last edited: 16 September 2024 11:07 am