Pierluigi Paganini September 11, 2024

Ivanti fixed a maximum severity flaw in its Endpoint Management software (EPM) that can let attackers achieve remote code execution on the core server

Ivanti Endpoint Management (EPM) software is a comprehensive solution designed to help organizations manage and secure their endpoint devices across various platforms, including Windows, macOS, Chrome OS, and IoT systems.

The software firm released security updates to address a maximum security vulnerability, tracked as CVE-2024-29847, in its Endpoint Management software (EPM).

The vulnerability is a deserialization of untrusted data issue that resides in the agent portal, attackers can exploit the flaw to achieve remote code execution on the core server.

“Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.” reads the advisory published by the company.

Ivanti also fixed multiple critical, medium and high-severity vulnerabilities that can be exploited to achieve unauthorized access to the EPM core server. 

Critical SQL injection vulnerabilities CVE-2024-32840, CVE-2024-32842, CVE-2024-32843, CVE-2024-32845, CVE-2024-32846, CVE-2024-32848, CVE-2024-34779, CVE-2024-34783, CVE-2024-34785 (CVSS scores of 9.1) could allow a remote authenticated attacker with admin privileges to execute arbitrary code on the core server.

The flaws impact Ivanti Endpoint Manager  versions 2024 and 2022 SU5 and earlier, the versions 2024 with Security Patch,  (Need to apply both July and September)2024 SU1 (To be released) and 2022 SU6 fixed the problems

The company is not aware of attacks in the wild exploiting the vulnerabilities in the advisory.

“We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure.” concludes the advisory.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, SQL injection)