WARNING: ONE CRITICAL AND FOUR HIGH-SEVERITY VULNERABILITIES IN IVANTI ENDPOINT MANAGER THAT CAN CAUSE REMOTE CODE EXECUTION BY AN UNAUTHENTICATED ATTACKER, PATCH IMMEDIATELY!

Published : 14/11/2024

Reference:
Advisory #2024-265

Version:
1.0

Affected software:
Ivanti Endpoint Manager versions before the 2024 November Security Update and the 2022 SU6 November Security Update

Type:
SQL injection, Path traversal & Remote Code Execution

CVE/CVSS:
CVE-2024-50330
CVSS 9.8 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2024-50329
CVSS 8.8 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2024-50322
CVSS 7.8 (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVE-2024-50323
CVSS 7.8 (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVE-2024-34787
CVSS 7.8 (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)

Risks

Ivanti Endpoint Manager is a widely used tool to manage and protect Windows, macOS and Linux devices. It aids in increasing end user and IT admin productivity and efficiency. It helps with the authentication and supervision of access rights of endpoint devices to a network.

All five vulnerabilities in Ivanti Endpoint Manager have a high impact on confidentiality, integrity and availability.

Description

CVE-2024-50330
Allows an unauthenticated attacker to use a SQL injection to perform Remote Code Execution.

CVE-2024-50329
Allows an unauthenticated attacker to use path traversal to perform Remote Code Execution.

CVE-2024-50322
Allows an unauthenticated attacker to use path traversal to perform Code Execution. User interaction is necessary.

CVE-2024-50323
Allows an unauthenticated attacker to use a SQL injection to perform Code Execution. User interaction is necessary.

CVE-2024-34787
Allows an unauthenticated attacker to use path traversal to perform Code Execution. User interaction is necessary.

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect

The CCB recommends that organizations upscale their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
