Remote Code Execution Vulnerability in Ivanti EPM Agent Portal

CVE-2024-29847

9.8CRITICAL

Key Information

Vendor
Ivanti
Status
Epm
Vendor
CVE Published:
12 September 2024

Badges

πŸ”₯ No. 1 TrendingπŸ˜„ TrendedπŸ‘Ύ Exploit ExistsπŸ”΄ Public PoCπŸ“° News Worthy

What is CVE-2024-29847?

CVE-2024-29847 is a serious remote code execution vulnerability affecting the Ivanti Endpoint Manager (EPM) Agent Portal, specifically in versions prior to the 2022 SU6 and the September 2024 update. This vulnerability arises from the deserialization of untrusted data, permitting a remote unauthenticated attacker to execute arbitrary code on the affected system. Such a breach could have catastrophic consequences for organizations utilizing Ivanti EPM for endpoint management, potentially compromising sensitive data and system integrity.

Technical Details

The vulnerability centers on how the Ivanti EPM Agent Portal processes serialized data. Versions preceding the specified updates are susceptible to exploitation via malicious input data, which can lead to unauthorized code execution without needing prior authentication. Attackers can leverage this weakness to execute commands on the server, gain access to the system, and manipulate it in various harmful ways.

Impact of the Vulnerability

  1. Remote Code Execution: The primary impact of CVE-2024-29847 is the potential for remote code execution, which allows attackers to run arbitrary code on vulnerable systems, giving them extensive control over affected environments.

  2. Data Breach Risk: Exploitation of this vulnerability could lead to significant data breaches, as attackers may gain access to sensitive organizational data and user information, leading to data theft or data leakage.

  3. System Integrity Compromise: With remote code execution capabilities, attackers can alter system configurations, install malicious software, or engage in further cybercriminal activities, jeopardizing the integrity of the entire network where Ivanti EPM is deployed.

Affected Version(s)

EPM < 2024 September Security Update

EPM < 2022 SU6

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-29847
Created by horizon3ai

CVE-2024-29847
Created by sinsinology

News Articles

favicon imageThe Stack

October Patch Tuesday: MSFT patches 2 exploited zero days

Microsoft has patched a brace of zero days that are under active attack as part of October Patch Tuesday 2024.

2 months ago

favicon imageBleepingComputer

Exploit code released for critical Ivanti RCE flaw, patch now

A proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, is now publicly released, making it crucial to update devices.

3 months ago

favicon imageCSO Online

Newly patched Ivanti CSA flaw under active exploitation

The Cloud Service Appliance command injection vulnerability β€” patched as part of the final update for end-of-life CSA version 4.6 β€” has been attacked in the wild, Ivanti confirms.

3 months ago

Refferences

https://forums.ivanti.com/s/article/Security-Advisory-EPM...

EPSS Score

1% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • πŸ”₯

    Vulnerability reached the number 1 worldwide trending spot

  • πŸ”΄

    Public PoC available

  • Vulnerability started trending

  • Vulnerability published

  • πŸ‘Ύ

    Exploit known to exist

  • First article discovered by Help Net Security

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database2 Proof of Concept(s)4 News Article(s)
.