Original Article Text


Ivanti fixes maximum severity RCE bug in Endpoint Management software

Ivanti has fixed a maximum severity vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers gain remote code execution on the core server.

Ivanti EPM helps admins manage client devices that run various platforms, including Windows, macOS, Chrome OS, and IoT operating systems.

The security flaw (CVE-2024-29847) is caused by a deserialization of untrusted data weakness in the agent portal and has been addressed in Ivanti EPM 2024 hot patches and Ivanti EPM 2022 Service Update 6 (SU6).

"Successful exploitation could lead to unauthorized access to the EPM core server," the company said in an advisory published today.

For the moment, Ivanti added that they're "not aware of any customers being exploited by these vulnerabilities at the time of disclosure. Currently, there is no known public exploitation of this vulnerability that could be used to provide a list of indicators of compromise."

Today, it also fixed almost two dozen more high and critical severity flaws in Ivanti EPM, Workspace Control (IWC), and Cloud Service Appliance (CSA) that haven't been exploited in the wild before being patched.

In January, the company patched a similar RCE vulnerability (CVE-2023-39336) in Ivanti EPM that could be exploited to access the core server or hijack enrolled devices.

Rise in fixed flaws due to security improvements

Ivanti said it had escalated internal scanning, manual exploitation, and testing capabilities in recent months while also working on improving its responsible disclosure process to address potential issues faster.

"This has caused a spike in discovery and disclosure, and we agree with CISA's statement that the responsible discovery and disclosure of CVEs is 'a sign of healthy code analysis and testing community,'" Ivanti said.

This statement follows extensive in-the-wild exploitation of multiple Ivanti zero-days in recent years.

For instance, Ivanti VPN appliances have been targeted since December 2023 using exploits chaining the CVE-2024-21887 command injection and the CVE-2023-46805 authentication bypass flaws as zero-days. The company also warned of a third zero-day (a server-side request forgery bug now tracked as CVE-2024-21893) under mass exploitation in February, allowing attackers to bypass authentication on vulnerable ICS, IPS, and ZTA gateways.

Ivanti says it has over 7,000 partners worldwide, and over 40,000 companies use its products to manage their IT assets and systems.

Daily Brief Summary

MALWARE // Ivanti Patches Critical Remote Code Execution Vulnerability

Ivanti has remediated a critical remote code execution (RCE) vulnerability in its Endpoint Management software, which could have allowed unauthenticated attackers to control the core server.

The vulnerability, identified as CVE-2024-29847, stemmed from a deserialization issue in the agent portal and has been fixed in the latest service updates.

Alongside this severe RCE flaw, Ivanti also resolved nearly two dozen other high and critical severity issues across various products including Workspace Control and Cloud Service Appliance.

This patching effort follows a recent uplift in Ivanti's internal security processes, including enhanced scanning and testing, aimed at identifying and mitigating vulnerabilities more promptly.

No known public exploits of this particular vulnerability have been reported at the time of the announcement, nor have there been any known impacts on customers.

The company previously patched a similar RCE flaw in January and has experienced significant exploitation of multiple zero-day vulnerabilities in its products over recent years.

Ivanti's global presence includes over 7,000 partners and its products are employed by more than 40,000 organizations worldwide for IT asset management.