Unauthenticated SQL Injection Vulnerability Affects Ivanti EPM

CVE-2024-29824
9.6CRITICAL

Key Information

Vendor
Ivanti
Status
Epm
Vendor
CVE Published:
31 May 2024

Badges

🔥 No. 1 Trending😄 Trended👾 Exploit Exists🔴 Public PoC📰 News Worthy

Summary

The vulnerability CVE-2024-29824 is an unauthenticated SQL injection vulnerability affecting Ivanti EPM 2022 SU5 and earlier. It allows unauthenticated attackers within the same network to execute arbitrary code, earning it a critical 9.8 out of 10 CVSS score. A proof-of-concept exploit has been developed for this vulnerability and has been published by researchers. Ivanti has responded to the issue by promptly releasing a patch for CVE-2024-29824 on May 24, and organizations are strongly advised to upgrade to the latest version to prevent exploitation. The exploit allows attackers to take over an Ivanti system, potentially affecting other systems and compromising the organization. Despite Ivanti's recent history of security problems, they have responded promptly to this vulnerability. It is also recommended to keep management interfaces protected from the wider web to prevent unauthorized access to the Endpoint Manager.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-29824 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

EPM <= 2022 SU5

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-29824
Created by horizon3ai

News Articles

favicon imageSC Media

Ivanti warns critical flaws in Endpoint Manager exploited in the wild

Ivanti is advising administrators to get up to date on their patches following a new spell of exploits against Endpoint Manager (EPM).

1 month ago

favicon imageNicolas Coolman

Ivanti, Critical Security Vulnerability CVE-2024-29824 SQL Injection - ZAM

On October 2, 2024, CISA issued an advisory regarding active exploitation of CVE-2024-29824, affecting Ivanti Endpoint Manager.

2 months ago

favicon imageThe Cyber Express

Critical Ivanti Vulnerability CVE-2024-29824 Under Attack

CISA warns of active exploitation of an Ivanti vulnerability, CVE-2024-29824. Patching required by October 23, 2024, to protect systems.

2 months ago

EPSS Score

32% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.6
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • 👾

    Exploit exists.

  • Risk change from: 8.8 to: 9.6 - (CRITICAL)

  • 🔥

    Vulnerability reached the number 1 worldwide trending spot.

  • Vulnerability started trending.

  • First article discovered by GBHackers on Security

  • Risk change from: null to: 9.6 - (CRITICAL)

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre DatabaseCISA Database1 Proof of Concept(s)15 News Article(s)
.