WARNING: CRITICAL VULNERABILITIES IN IVANTI ENDPOINT MANAGER (EPM) SOFTWARE, PATCH IMMEDIATELY!

Published: 24/05/2024

Reference:
Advisory #2024-74

Version:
2.0

Affected software:
Ivanti Endpoint Manager (EPM) 2022 SU5 Core server

Type:
Unspecified SQL Injection vulnerabilities

CVE/CVSS:
CVE-2024-29822 through CVE-2024-29827: CVSS 9.6 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVE-2024-29828 through CVE-2024-29830 and CVE-2024-29846: CVSS 8.4 (CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)

Sources

Risks

Successful exploitation of vulnerabilities CVE-2024-29822 through CVE-2024-29827 (CVSS 9.6) could allow an unauthenticated attacker within the same network to execute arbitrary code.

Similarly, successful exploitation of vulnerabilities CVE-2024-29828 through CVE-2024-29830 and CVE-2024-29846 (CVSS 8.4) could allow an authenticated attacker within the same network to execute arbitrary code.

The described vulnerabilities impact Ivanti Endpoint Manager (EPM) versions 2022 SU5 and earlier.

2024-10-03 Update: According to several sources, this vulnerability is now actively exploited.

The Centre for Cybersecurity Belgium has previously warned about similar vulnerabilities in the same software.

Description

These are SQL injection vulnerabilities, which allow an attacker to execute malicious SQL queries against the underlying database. In this case, successful exploitation could lead to remote code execution (RCE).

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect

The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident
 
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References