Ivanti releases patch for Endpoint Manager (EPM), fixing 6 critical items, PoC available
Take action: This patch didn't seem as scary as the previous Ivanti advisories, unitl a PoC was published in June. Exploiting requires close proximity to the EPM installation - on the same network. This means you have some time to properly plan for a patch. Don't ignore it, now it needs a patch.
Learn More
Ivanti has released security patches addressing multiple critical vulnerabilities in its Endpoint Manager (EPM). These vulnerabilities, which impact versions 2022 SU5 and earlier, include SQL Injection and remote code execution flaws that can be exploited by a remote attacker under certain conditions.
The critical Vulnerabilities are tracked as CVE-2024-29822, CVE-2024-29823, CVE-2024-29824, CVE-2024-29825, CVE-2024-29826, CVE-2024-29827, all of them (CVSS score 9.6) and all of them are an unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
Ivanti has stated that they are not aware of any active exploits targeting these vulnerabilities in the wild.
Update - as of 12th of June 2024, security researchers at Horizon3.ai detail a proof-of-concept exploit for CVE-2024-29824 allow a hacker to perform a remote attack on multiple vulnerable devices across an enterprise.
