Skip to main content

Updates address ten critical vulnerabilities which if exploited could lead to remote code execution

Threat ID:CC-4547
Threat Severity:Medium
Published:11 September 2024 12:43 PM

Summary

Updates address ten critical vulnerabilities which if exploited could lead to remote code execution

Affected platforms

The following platforms are known to be affected:

Threat details

Public proof-of-concept exploit for CVE-2024-29847

proof-of-concept (POC) exploit for CVE-2024-29847 is publicly available. Exploitation of this vulnerability is more likely.


Introduction

Ivanti has released September 2024 security updates addressing sixteen vulnerabilities, including ten rated as critical affecting Endpoint Manager (EPM). Ivanti EPM is an all-in-one solution for managing devices endpoints within a network.

The vulnerability CVE-2024-29847 has a CVSSv3 score of 10.0 and could allow an unauthenticated, remote attacker to achieve remote code execution (RCE) via deserialization of untrusted data in the agent portal.

Nine further vulnerabilities have a CVSSv3 score of 9.1 and could allow a remote, authenticated attacker with admin privileges to achieve remote code execution via unspecified SQL injection.

The updates also address two high severity and four medium severity vulnerabilities. 

Threat updates

  
16 Sep 2024Public proof-of-concept exploit released for CVE-2024-29847

Remediation advice

Affected organisations are encouraged to review Security Advisory EPM September 2024 for EPM 2024 and EPM 2022 and apply any relevant security updates.

Definitive source of threat updates

CVE Vulnerabilities

StatusReserved
CVE-2024-37397
StatusPublished
CVE-2024-8191SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
StatusReserved
CVE-2024-32840
StatusReserved
CVE-2024-32842
StatusReserved
CVE-2024-32843
StatusReserved
CVE-2024-32845
StatusReserved
CVE-2024-32846
StatusReserved
CVE-2024-32848
StatusReserved
CVE-2024-34779
StatusReserved
CVE-2024-34783
StatusReserved
CVE-2024-34785
StatusPublished
CVE-2024-8320Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices.
StatusPublished
CVE-2024-8321Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network.
StatusPublished
CVE-2024-8322Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality.
StatusPublished
CVE-2024-29847Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
StatusPublished
CVE-2024-8441An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.

Last edited: 16 September 2024 11:07 am

Back to top