Ivanti Addresses Critical RCE Vulnerability in Endpoint Management Software

September 10, 2024

Ivanti has successfully patched a critical vulnerability in its Endpoint Management software (EPM), which could have allowed unauthenticated attackers to remotely execute code on the core server. The software is used by administrators to manage client devices running a variety of platforms including Windows, macOS, Chrome OS, and IoT operating systems.

The security flaw, identified as CVE-2024-29847, was due to a deserialization of untrusted data weakness in the agent portal. This issue has been addressed in the recent hot patches for Ivanti EPM 2024 and Ivanti EPM 2022 Service Update 6 (SU6). 'Successful exploitation could lead to unauthorized access to the EPM core server,' Ivanti stated in an advisory.

The company also noted that they were not aware of any customers who had been exploited by these vulnerabilities at the time of disclosure. There is currently no known public exploitation of this vulnerability that could be used to provide a list of indicators of compromise.

Along with this, Ivanti has also fixed nearly two dozen more high and critical severity flaws in its software offerings, including Ivanti EPM, Workspace Control (IWC), and Cloud Service Appliance (CSA), none of which have been exploited in the wild prior to being patched.

Earlier in the year, Ivanti patched a similar RCE vulnerability, CVE-2023-39336, in its EPM software that could have been exploited to gain access to the core server or hijack enrolled devices. The company stated that it has increased internal scanning, manual exploitation, and testing capabilities in recent months, while also working on improving its responsible disclosure process to address potential issues more quickly.

The company's statement comes after several Ivanti zero-days were exploited in the wild in recent years. For example, Ivanti VPN appliances have been targeted since December 2023 using exploits chaining the CVE-2024-21887 command injection and the CVE-2023-46805 authentication bypass flaws as zero days. Ivanti also warned of a third zero-day, a server-side request forgery bug now tracked as CVE-2024-21893, under mass exploitation in February, which allowed attackers to bypass authentication on vulnerable ICS, IPS, and ZTA gateways.

Related News

• Ivanti Alerts Customers to Patch Critical Authentication Bypass Vulnerability in Virtual Traffic Manager
• CISA and FBI Call on Developers to Eliminate OS Command Injection Vulnerabilities
• CISA Confirms Data Breach in Chemical Security Assessment Tool: Potential Exposure of Sensitive Information
• MITRE Corporation Cyber Attack: Hackers Utilize Rogue VMs to Evade Detection
• Mirai Botnet Exploits Ivanti Connect Secure Vulnerabilities

Latest News

• Microsoft's September 2024 Patch Tuesday Addresses 79 Security Flaws Including 4 Zero-days
• CISA Adds SonicWall SonicOS, ImageMagick, and Linux Kernel Bugs to Its Known Exploited Vulnerabilities Catalog
• Akira Ransomware Group Exploits SonicWall Vulnerability for Remote Code Execution
• Chinese APT Group Mustang Panda Exploits Visual Studio Code in Southeast Asian Cyberattacks
• Critical 10/10 Severity RCE Vulnerability Identified in Progress LoadMaster