Ivanti released a security advisory addressing ten vulnerabilities in its Endpoint Manager (EPM). The vulnerabilities are rated critical and high severity.
On successful exploitation, an attacker with access to the internal network can execute arbitrary SQL queries against the core server's database and retrieve the output without authentication. From there, the attacker can gain control over machines running the EPM agent. When the core server is configured to use SQL Express, this may also lead to remote code execution (RCE) on the core server itself.
Ivanti Endpoint Manager is a single console for managing user profiles and client devices running Windows, macOS, Linux, and IoT platforms. It provides detailed data about managed and unmanaged devices through its discovery and inventory technology.
CVE-2024-29822, CVE-2024-29823, CVE-2024-29824, CVE-2024-29825, CVE-2024-29826, & CVE-2024-29827
These unspecified SQL injection vulnerabilities (rated critical) exist in the core server of Ivanti EPM 2022 SU5 and earlier. They may allow an unauthenticated attacker on the same network to execute arbitrary code.
CVE-2024-29828, CVE-2024-29829, CVE-2024-29830, & CVE-2024-29846
These unspecified SQL injection vulnerabilities (rated high) exist in the core server of Ivanti EPM 2022 SU5 and earlier. They may allow an authenticated attacker on the same network to execute arbitrary code.
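The advisory does not disclose the injection points, so the following is an added illustration of the flaw class rather than Ivanti's code: the table names, the lookup function and the payloads are constructed for this example and do not reflect EPM's schema. It contrasts a query that splices untrusted input into the SQL text (the pattern behind "execute arbitrary SQL queries and retrieve output") with the parameterised form, and stops at data retrieval; it does not model the SQL Express RCE path.

```python
import sqlite3

# Constructed in-memory database standing in for an inventory table that an
# agent-facing endpoint queries. Schema is illustrative only, not EPM's.
def build_db():
    conn = sqlite3.connect(":memory:")
    cur = conn.cursor()
    cur.execute("CREATE TABLE devices (id INTEGER PRIMARY KEY, hostname TEXT, os TEXT)")
    cur.executemany(
        "INSERT INTO devices (hostname, os) VALUES (?, ?)",
        [("ws-001", "Windows"), ("ws-002", "Windows"), ("mac-007", "macOS")],
    )
    # A second table the lookup was never meant to expose.
    cur.execute("CREATE TABLE admin_tokens (id INTEGER PRIMARY KEY, token TEXT)")
    cur.execute("INSERT INTO admin_tokens (token) VALUES (?)", ("SECRET-CONSTRUCTED-TOKEN",))
    conn.commit()
    return conn


def lookup_vulnerable(conn, hostname):
    # Hypothetical pre-patch pattern: the caller-supplied value becomes part of
    # the SQL text, so quotes in the input change the statement's meaning.
    sql = f"SELECT hostname, os FROM devices WHERE hostname = '{hostname}'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, hostname):
    # Parameterised query: the value travels separately from the SQL text and is
    # only ever compared as data, whatever characters it contains.
    sql = "SELECT hostname, os FROM devices WHERE hostname = ?"
    return conn.execute(sql, (hostname,)).fetchall()


BENIGN = "ws-001"
# Tautology payload: turns the WHERE clause into "... = '' OR '1'='1'", returning every row.
PAYLOAD_ALL = "' OR '1'='1"
# UNION payload: appends rows from an unrelated table to the same two-column result set.
PAYLOAD_UNION = "x' UNION SELECT token, 'leak' FROM admin_tokens WHERE '1'='1"


def demo():
    """Run both lookups against benign and hostile input and return the results."""
    conn = build_db()
    return {
        "benign": lookup_vulnerable(conn, BENIGN),
        "vuln_all": lookup_vulnerable(conn, PAYLOAD_ALL),
        "vuln_union": lookup_vulnerable(conn, PAYLOAD_UNION),
        "hardened_all": lookup_hardened(conn, PAYLOAD_ALL),
        "hardened_union": lookup_hardened(conn, PAYLOAD_UNION),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

Against the vulnerable lookup the tautology payload returns all three devices and the UNION payload returns the token row; the parameterised lookup returns no rows for either, because the whole payload is treated as a hostname to match.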
Affected Versions
These vulnerabilities affect Ivanti EPM 2022 SU5 and earlier releases, including EPM 2021.
Mitigation
Ivanti has released a hot patch for EPM 2022 SU5 that addresses the vulnerabilities.
Please refer to the Ivanti Security Advisory for more information.
Qualys Detection
Qualys customers can scan their devices with QID 379863 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References
https://forums.ivanti.com/s/article/KB-Security-Advisory-EPM-May-2024?language=en_US