Remote Code Execution Vulnerability in Ivanti EPM Agent Portal

Summary

The vulnerability (CVE-2024-29847) affects the agent portal of Ivanti Endpoint Manager, allowing remote unauthenticated attackers to achieve remote code execution. Ivanti has released updates to fix this vulnerability, as well as 15 additional vulnerabilities, including critical SQL injection flaws and an external XML Entity (XXE) vulnerability. While none of these vulnerabilities are currently being exploited, it is crucial for admins to upgrade their installations quickly to mitigate the potential risk. The company has also increased its efforts to improve product security and has pledged to intensify its internal scanning, manual exploitation, and testing capabilities. These updates reflect Ivanti taking security more seriously following a series of zero-day vulnerabilities in its solutions being exploited by attackers.

News Articles

BleepingComputer

CVE-2024-29847

Exploit code released for critical Ivanti RCE flaw, patch now

A proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, is now publicly released, making it crucial to update devices.

2 days ago

CSO Online

CVE-2024-8190CVE-2024-29847

Newly patched Ivanti CSA flaw under active exploitation

The Cloud Service Appliance command injection vulnerability — patched as part of the final update for end-of-life CSA version 4.6 — has been attacked in the wild, Ivanti confirms.

6 days ago

Help Net Security

CVE-2024-29847

Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847) - Help Net Security

Ivanti has fixed a slew of vulnerabilities in Endpoint Manager, including a maximum severity one RCE flaw (CVE-2024-29847).

1 week ago