Ivanti has recently addressed multiple critical and high-severity vulnerabilities in its Endpoint Manager (EPM) software. These vulnerabilities could allow unauthorized access, remote code execution, privilege escalation, and sensitive information leaks. Here is an in-depth examination of the details, impacts, and mitigation strategies for these vulnerabilities.
Vulnerability Details
Critical Vulnerabilities
CVE-2024-10811: Absolute Path Traversal
- Description: Allows remote, unauthenticated attackers to access sensitive information by exploiting path traversal issues.
- CVSS Score: 9.8 (Critical)
CVE-2024-13161: Absolute Path Traversal
- Description: Similar to CVE-2024-10811, this vulnerability involves absolute path traversal, enabling attackers to leak sensitive information.
- CVSS Score: 9.8 (Critical)
CVE-2024-13160: Absolute Path Traversal
- Description: This vulnerability also deals with absolute path traversal, allowing unauthorized access to sensitive data.
- CVSS Score: 9.8 (Critical)
CVE-2024-13159: Absolute Path Traversal
- Description: Another path traversal issue that permits attackers to access and leak sensitive information.
- CVSS Score: 9.8 (Critical)
CVE-2024-29822, CVE-2024-29823, CVE-2024-29824, CVE-2024-29825, CVE-2024-29826, CVE-2024-29827: Remote Code Execution
- Description: These vulnerabilities allow remote code execution, potentially giving attackers full control over the affected systems.
- CVSS Score: 9.8 (Critical)
High-Severity Vulnerabilities
CVE-2024-13181: Path Traversal
- Description: Allows remote, unauthenticated attackers to bypass authentication and access sensitive information.
- CVSS Score: 7.5 (High)
CVE-2024-13180: Path Traversal
- Description: Similar to CVE-2024-13181, this vulnerability involves path traversal, enabling unauthorized access to sensitive data.
- CVSS Score: 7.3 (High)
CVE-2024-13179: Path Traversal
- Description: This path traversal vulnerability allows attackers to leak sensitive information.
- CVSS Score: 7.3 (High)
CVE-2024-10630: Race Condition
- Description: Allows attackers to bypass the application blocking functionality, potentially leading to unauthorized actions.
- CVSS Score: 7.8 (High)
Impact
The vulnerabilities in Ivanti Endpoint Manager have significant implications, including:
- Unauthorized Access: Attackers can gain unauthorized access to the EPM core server, compromising its security.
- Remote Code Execution (RCE): Some vulnerabilities enable attackers to execute arbitrary code remotely, leading to potential system takeover.
- Privilege Escalation: Attackers can escalate their privileges, gaining higher levels of access and control over the system.
- Sensitive Information Leak: Path traversal vulnerabilities can lead to the leakage of sensitive information, exposing critical data to attackers.
Mitigation
To address these vulnerabilities, Ivanti has released updates for Endpoint Manager. Users are advised to implement the following mitigation strategies:
- Update to the Latest Version: Apply the latest security updates released by Ivanti to ensure that all identified vulnerabilities are patched. The patches are included in the EPM versions 2024 and 2022 SU6 with the November 2024 security update installed.
- Restrict Access: Follow recommended IP access guidelines to minimize the attack surface. Avoid exposing sensitive endpoints to untrusted networks and ensure that only trusted IP addresses can access the EPM core server.
- Monitor for Suspicious Activity: Implement monitoring solutions to detect any unusual activity related to the vulnerabilities. Use security tools that can identify and alert on suspicious behavior, enabling prompt response to potential threats.
Conclusion
The recent patches released by Ivanti for Endpoint Manager highlight the critical importance of maintaining up-to-date security measures and promptly applying security updates. By following Ivanti’s recommendations and adhering to best practices for security, users can safeguard their systems from potential exploitation and ensure a secure computing environment.
