Skip to main content

Sixteen vulnerabilities have been seen in products including Avalanche, Connect Secure, Secure Access, and EPM

Threat ID:CC-4499
Threat Severity:Medium
Published:22 May 2024 4:58 PM

Summary

Sixteen vulnerabilities have been seen in products including Avalanche, Connect Secure, Secure Access, and EPM

Affected platforms

The following platforms are known to be affected:

Ivanti Avalanche
Ivanti Neurons for IT Service Management (ITSM)
Ivanti Connect Secure
Ivanti Policy Secure
Ivanti Secure Access (formerly known as Pulse Secure Desktop Client)
Ivanti Endpoint ManagerEPM

Threat details

Introduction

Ivanti has disclosed 16 vulnerabilities, all with CVSSv3 scores of 7.3 and higher, in multiple product lines in their May 2024 security advisory. The advisory has links to the specific knowledge base articles addressing the vulnerabilities. Some of the impacts of these vulnerabilities could be a denial-of-service condition, arbitrary code executionprivilege escalationcross-site scripting, and others.


Exploitation of CVE-2024-29824

The US Cybersecurity and Infrastructure Security Agency (CISA) have added CVE-2024-29824 to the list of Known Exploited Vulnerability Catalog, which indicates that it is being exploited in the wild. Proof-of-concept code was made available in June 2024.

Threat updates

  
3 Oct 2024CVE-2024-29824 added to CISA KEV
17 Jun 2024A proof-of-concept for the exploitation of CVE-2024-29824 has been publicly released.

The cyber alert has been updated to reflect this change

Remediation advice

Affected organisations are encouraged to review Ivanti Security Advisory May 2024 and apply any relevant security updates.

Remediation steps

  
Patch

Ivanti Avalanche

CVE-2024-29848 


https://forums.ivanti.com/s/article/Avalanche-6-4-3-602-additional-security-hardening-and-CVE-fixed
Patch

Ivanti Neurons for ITSM

  • CVE-2024-22059
  • CVE-2024-22060 

**Cloud Customers: The hotfix has been applied to all Ivanti Neurons for ITSM landscapes
**On Premise Customers: A patch is available on the Ivanti Neurons for ITSM Downloads page named "Ivanti Neurons for ITxM 2023.X Hotfix 2" for each respective 2023.X version. This will require upgrading to 2023.X to apply the patch


https://forums.ivanti.com/s/article/KB-CVE-2024-22059-and-CVE-2024-22060-for-Ivanti-Neurons-for-ITSM
Patch

Ivanti Connect Secure (ICS), (formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways

CVE-2023-38551


https://forums.ivanti.com/s/article/KB-Security-Advisory-Ivanti-Connect-Secure-Ivanti-Policy-Secure-May-2024
Patch

Ivanti Secure Access (formerly known as Pulse Secure Desktop Client)

  • CVE-2023-38042
  • CVE-2023-46810

https://forums.ivanti.com/s/article/KB-Security-Advisory-Ivanti-Secure-Access-Client-May-2024
Patch

Ivanti Endpoint Manager (EPM)

  • CVE-2024-29822
  • CVE-2024-29823
  • CVE-2024-29824
  • CVE-2024-29825
  • CVE-2024-29826
  • CVE-2024-29827
  • CVE-2024-29828
  • CVE-2024-29829
  • CVE-2024-29830
  • CVE-2024-29846

https://forums.ivanti.com/s/article/KB-Security-Advisory-EPM-May-2024

Definitive source of threat updates

CVE Vulnerabilities

StatusPublished
CVE-2024-29848An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM.
StatusPublished
CVE-2024-22059A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS.
StatusPublished
CVE-2024-22060An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM server.
StatusPublished
CVE-2023-38551A CRLF Injection vulnerability in Ivanti Connect Secure (9.x, 22.x) allows an authenticated high-privileged user to inject malicious code on a victim’s browser, thereby leading to cross-site scripting attack.
StatusPublished
CVE-2023-38042A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a low privileged user to execute code as SYSTEM.
StatusPublished
CVE-2023-46810A local privilege escalation vulnerability in Ivanti Secure Access Client for Linux before 22.7R1, allows a low privileged user to execute code as root.
StatusPublished
CVE-2024-29822An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
StatusPublished
CVE-2024-29823An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
StatusPublished
CVE-2024-29824An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
StatusPublished
CVE-2024-29825An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
StatusPublished
CVE-2024-29826An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
StatusPublished
CVE-2024-29827An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
StatusPublished
CVE-2024-29828An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
StatusPublished
CVE-2024-29829An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
StatusPublished
CVE-2024-29830An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
StatusPublished
CVE-2024-29846An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.

Last edited: 3 October 2024 3:29 pm

Back to top