Ethical Hacking News
The National Vulnerability Database (NVD) has issued a critical vulnerability alert for Ivanti Endpoint Manager (EPM), version 2022 SU5 and prior.
The vulnerability, CVE-2024-29824, is an unspecified SQL injection flaw that allows an unauthenticated attacker to execute arbitrary code.
Exploit Prediction Scoring System (EPSS) scores indicate a high probability of exploitation activity in the next 30 days.
Patches are available from Ivanti, and users should apply them or discontinue use if patching options are unavailable.
NVD Vulnerability Alert: Ivanti EPM SQL Injection Vulnerability
The National Vulnerability Database (NVD) has issued a critical vulnerability alert for Ivanti Endpoint Manager (EPM), version 2022 SU5 and prior. The vulnerability, identified as CVE-2024-29824, is an unspecified SQL injection flaw that allows an unauthenticated attacker within the same network to execute arbitrary code.
According to the NVD, this vulnerability is a result of an issue in the Core server of Ivanti EPM, where an attacker can inject malicious SQL queries, potentially leading to remote code execution. The vulnerability is rated as Critical (CVSS v4.0 severity: 9.6) and is classified under CWE-89, which pertains to Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection').
The SQL injection vulnerability in the Ivanti EPM Core server allows an attacker with network access to execute arbitrary code. The attack vector is Adjacent Network and the attack complexity is Low, and no user interaction or privileges are required to exploit the vulnerability.
To mitigate this vulnerability, users can apply patches provided by Ivanti or discontinue use of the product if patching options are unavailable. Users should ensure that they have access to the latest version of Ivanti EPM, which includes the necessary security patches for CVE-2024-29824.
Exploit Prediction Scoring System (EPSS) scores indicate a high probability of exploitation activity in the next 30 days, with approximately 30% of vulnerabilities scored at or less. Furthermore, Metasploit modules that exploit this vulnerability are available, such as Ivanti EPM Record GoodApp SQLi RCE.
Related Information:
https://thehackernews.com/2024/10/ivanti-endpoint-manager-flaw-actively.html
https://techcrunch.com/2024/10/03/cisa-issues-warning-about-another-ivanti-flaw-under-active-attack/
https://nvd.nist.gov/vuln/detail/CVE-2024-29824
https://www.cvedetails.com/cve/CVE-2024-29824/
https://www.bleepingcomputer.com/news/security/critical-ivanti-rce-flaw-with-public-exploit-now-used-in-attacks/
https://www.securityweek.com/ivanti-epm-vulnerability-exploited-in-the-wild/
Published: Fri Oct 4 15:07:45 2024 by llama3.2 3B Q4_K_M