CISA adds CVE-2024-29824 to its KEV Catalog


The US CISA has added an Ivanti EPM flaw to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation.

CVE-2024-29824 

Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability: Ivanti Endpoint Manager (EPM) contains a SQL injection vulnerability in Core server that allows an unauthenticated attacker within the same network to execute arbitrary code.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the implementation of the RecordGoodApp method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the service account.
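The root cause described above, an unvalidated string concatenated into SQL text, is shown in miniature in this added example, which is not Ivanti's code and does not come from the advisory. The table, column and function names are hypothetical, and SQLite stands in for the product's database.

```python
import re
import sqlite3

# Constructed sample data: a stand-in table, not the product's schema.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE good_apps (name TEXT, file_hash TEXT)")
    db.executemany(
        "INSERT INTO good_apps (name, file_hash) VALUES (?, ?)",
        [("notepad.exe", "0" * 32), ("calc.exe", "a" * 32), ("agent.exe", "b" * 32)],
    )
    return db

def lookup_unsafe(db, file_hash):
    # Flawed pattern: the caller's string becomes part of the SQL text,
    # so quote characters in it can change the structure of the query.
    query = "SELECT name FROM good_apps WHERE file_hash = '" + file_hash + "'"
    return [row[0] for row in db.execute(query)]

# Allow-list for the expected input shape (assumed here: 32 lowercase hex chars).
HEX_DIGEST = re.compile(r"[0-9a-f]{32}")

def lookup_safe(db, file_hash):
    # 1) Validate the string against the format the field is supposed to have.
    if not isinstance(file_hash, str) or not HEX_DIGEST.fullmatch(file_hash):
        raise ValueError("file_hash must be 32 lowercase hex characters")
    # 2) Bind it as a parameter so the driver never parses it as SQL.
    query = "SELECT name FROM good_apps WHERE file_hash = ?"
    return [row[0] for row in db.execute(query, (file_hash,))]

# Constructed input containing a quote, used only to show the difference.
CRAFTED = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("unsafe, normal input :", lookup_unsafe(db, "a" * 32))
    print("unsafe, crafted input:", lookup_unsafe(db, CRAFTED))  # matches every row
    print("safe, normal input   :", lookup_safe(db, "a" * 32))
    try:
        lookup_safe(db, CRAFTED)
    except ValueError as exc:
        print("safe, crafted input  : rejected:", exc)
```

Parameter binding alone already keeps the crafted string out of the query structure; the format check additionally rejects malformed input before it reaches the database layer.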

The flaw affects Ivanti Endpoint Manager prior to 2022 SU5 Hot Patch. Customers are advised to upgrade to the latest version following the advisory.

Federal agencies have until October 23, 2024, to remediate the vulnerability.
