Unauthenticated SQL Injection Vulnerability Affects Ivanti EPM
CVE-2024-29824
Key Information:
Badges
What is CVE-2024-29824?
CVE-2024-29824 is a critical security vulnerability found in Ivanti Endpoint Manager (EPM) versions 2022 SU5 and earlier. This software is designed to help manage endpoints within an organization, offering features for device management and security. The vulnerability allows unauthenticated attackers within the same network to execute arbitrary code on the Core server, which could lead to severe security breaches. A successful exploit can compromise the integrity of the system, leading to unauthorized access and manipulation of sensitive data, ultimately affecting an organization’s operational capabilities and trustworthiness.
Technical Details
The vulnerability in CVE-2024-29824 is classified as an SQL Injection flaw. This type of vulnerability occurs when an attacker is able to manipulate SQL queries by injecting malicious code into them. In this case, it affects the Core server component of Ivanti EPM, allowing attackers without authentication to perform arbitrary code execution. This weakness can be exploited by sending specially crafted SQL queries through the application, potentially resulting in full control over the database and the underlying server environment.
Impact of the Vulnerability
-
Unauthorized Code Execution: Attackers can execute arbitrary code on the Core server, leading to potential backdoor access that may enable further malicious activities.
-
Data Compromise: The vulnerability can facilitate unauthorized access to sensitive data stored within the EPM system, which could be exploited for identity theft, data manipulation, or exfiltration.
-
Network Security Risks: As the vulnerability allows unauthenticated entry within the same network, it poses a significant risk of lateral movement, enabling attackers to target additional systems and escalate their attack across the organization’s infrastructure.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
EPM 2022 SU5
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Ivanti warns critical flaws in Endpoint Manager exploited in the wild
Ivanti is advising administrators to get up to date on their patches following a new spell of exploits against Endpoint Manager (EPM).
3 months ago
Nicolas CoolmanCVE-2024-29824Ivanti, Critical Security Vulnerability CVE-2024-29824 SQL Injection - ZAM
On October 2, 2024, CISA issued an advisory regarding active exploitation of CVE-2024-29824, affecting Ivanti Endpoint Manager.
3 months ago
The Cyber ExpressCVE-2024-29824Critical Ivanti Vulnerability CVE-2024-29824 Under Attack
CISA warns of active exploitation of an Ivanti vulnerability, CVE-2024-29824. Patching required by October 23, 2024, to protect systems.
3 months ago
References
EPSS Score
27% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🥇
Vulnerability reached the number 1 worldwide trending spot
- 📈
Vulnerability started trending
- 🦅
CISA Reported
- 🟡
Public PoC available
- 💰
Used in Ransomware
- 👾
Exploit known to exist
- 📰
First article discovered by GBHackers on Security
Vulnerability published
Vulnerability Reserved