Remote Code Execution Vulnerability in Ivanti EPM Agent Portal

Summary

The vulnerability (CVE-2024-29847) affects the agent portal of Ivanti Endpoint Manager, allowing remote unauthenticated attackers to achieve remote code execution. Ivanti has released updates to fix this vulnerability, as well as 15 additional vulnerabilities, including critical SQL injection flaws and an external XML Entity (XXE) vulnerability. While none of these vulnerabilities are currently being exploited, it is crucial for admins to upgrade their installations quickly to mitigate the potential risk. The company has also increased its efforts to improve product security and has pledged to intensify its internal scanning, manual exploitation, and testing capabilities. These updates reflect Ivanti taking security more seriously following a series of zero-day vulnerabilities in its solutions being exploited by attackers.

News Articles

The Stack

CVE-2024-0132CVE-2024-29847

October Patch Tuesday: MSFT patches 2 exploited zero days

Microsoft has patched a brace of zero days that are under active attack as part of October Patch Tuesday 2024.

1 month ago

BleepingComputer

CVE-2024-29847

Exploit code released for critical Ivanti RCE flaw, patch now

A proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, is now publicly released, making it crucial to update devices.

2 months ago

CSO Online

CVE-2024-8190CVE-2024-29847

Newly patched Ivanti CSA flaw under active exploitation

The Cloud Service Appliance command injection vulnerability — patched as part of the final update for end-of-life CSA version 4.6 — has been attacked in the wild, Ivanti confirms.

2 months ago

More News...