Ivanti Patches Multiple Vulnerabilities Impacting Endpoint Manager (EPM)

Ivanti released security updates to 16 security vulnerabilities of varying severities. Ten of these vulnerabilities are given a critical severity rating, while two are rated high and four are rated medium. Successful exploitation of the vulnerabilities could lead to unauthorized access to the EPM core server.

Ivanti Endpoint Manager is one place to manage user profiles and all client devices. The tool is available for Windows, macOS, Linux, and IoT. It provides extensive data about managed and unmanaged devices through industry-leading discovery and inventory technology.

CVE-2024-29847

The vulnerability has a critical severity rating with a CVSS score of 10. This deserialization of untrusted data exists in the agent portal of Ivanti EPM. The vulnerability allows a remote unauthenticated attacker to execute remote code on the target system.

CVE-2024-32840, CVE-2024-32842, CVE-2024-32843, CVE-2024-32845, CVE-2024-32846, CVE-2024-32848, CVE-2024-34779, CVE-2024-34783, CVE-2024-34785

The vulnerabilities have a critical severity rating with a CVSS score of 9.1. The unspecified SQL injection vulnerability may allow a remote authenticated attacker with admin privileges to perform remote code execution.

CVE-2024-37397

The vulnerability has a high severity rating with a CVSS score of 8.2. The External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM may allow a remote unauthenticated attacker to leak API secrets.

CVE-2024-8191

The vulnerability has a high severity rating with a CVSS score of 7.8. The SQL injection vulnerability in the management console of Ivanti EPM may allow a remote unauthenticated attacker to achieve remote code execution.

CVE-2024-8441

The vulnerability has a high severity rating with a CVSS score of 6.7. An uncontrolled search path in the agent of Ivanti EPM may allow a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.

CVE-2024-8321

The vulnerability has a high severity rating with a CVSS score of 5.8. Missing authentication in Network Isolation of Ivanti EPM may allow a remote unauthenticated attacker to isolate managed devices from the network.

CVE-2024-8320

The vulnerability has a high severity rating with a CVSS score of 5.3. Missing authentication in the Network Isolation of Ivanti EPM may allow a remote unauthenticated attacker to spoof the Network Isolation status of managed devices

CVE-2024-8322

The vulnerability has a high severity rating with a CVSS score of 4.3. Weak authentication in Patch Management of Ivanti EPM may allow a remote authenticated attacker to access restricted functionality.

Affected versions

  • Ivanti EPM 2024
  • Ivanti EPM 2022 prior to SU6

Mitigation

Ivanti has released a hot patch for EPM 2024 SU1 and 2022 SU6 to address vulnerabilities. 

Please refer to the Ivanti Security Advisory for more information. 

Qualys Detection

Qualys customers can scan their devices with QID 380477 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US

Leave a Reply

Your email address will not be published. Required fields are marked *