
Ivanti fixed a critical vulnerability in its Endpoint Management software (EPM) that can let attackers achieve remote code execution on the core server.
The vulnerability, tracked as CVE-2024-29847 with a CVSS score of 10, is a deserialization of untrusted data issue that resides in the agent portal of EPM. Attackers can exploit the flaw to achieve remote code execution on the core server.
Ivanti also fixed other vulnerabilities that can be exploited to achieve unauthorized access to the EPM core server:
- CVE-2024-32840
- CVE-2024-32842
- CVE-2024-32843
- CVE-2024-32845
- CVE-2024-32846
- CVE-2024-32848
- CVE-2024-34779
- CVE-2024-34783
- CVE-2024-34785
These vulnerabilities impact Ivanti Endpoint Manager versions 2024 and 2022 SU5 and earlier. The problems are fixed in version 2024 with Security Patch (both the July and September patches need to be applied), 2024 SU1 (to be released) and 2022 SU6.
Ivanti said that it is not aware of attacks in the wild exploiting the vulnerabilities in the advisory.

