Critical RCE Bug in Ivanti Endpoint Manager: PoC Exploit Available

June 13, 2024

A critical vulnerability, CVE-2024-29824, has been discovered in Ivanti Endpoint Manager, a centralized endpoint management solution. This bug, an SQL injection issue, was first identified by an independent researcher and sold to Trend Micro's Zero Day Initiative (ZDI). The vulnerability, which allows unauthenticated attackers to perform remote code execution (RCE) in the program, has been rated as critical, with a 9.8 out of 10 CVSS score.

Dustin Childs, head of threat awareness at ZDI, has noted that the flaw resides in 'RecordGoodApp', a method within a dynamic link library (DLL) file named 'PatchBiz', which is part of the program's core server. The method doesn't sufficiently validate user-supplied data before using it to construct SQL queries. As a result, an attacker can exploit this vulnerability by sending a simple request to an endpoint handling events.

Ivanti has faced several security issues this year, with numerous zero-day vulnerabilities and exploits. However, Childs commends Ivanti's handling of this latest vulnerability, stating: 'It's not like we had to convince them [to patch]. We reported it to them, and they immediately got on it. They produced a patch within six weeks. That's about as good as you're going to see.'

Ivanti released a patch for CVE-2024-29824 on May 24, alongside its disclosure. It is recommended that customers implement this patch as soon as possible, as threat actors have a history of exploiting Ivanti vulnerabilities. In addition to patching, organizations should focus on protecting their management interfaces from the wider web. Childs advises: 'Make sure that if your Endpoint Manager is Internet accessible, you restrict it to some very specific IP addresses that are [trusted].'

Despite the recent challenges, Ivanti has shown significant progress in addressing these security problems in a timely manner.
