CVE-2024-50330 (CVSS 9.8): Unpatched Ivanti Endpoint Manager Vulnerable to RCE Attacks


Software company Ivanti has released urgent security updates for its Endpoint Manager to address a range of vulnerabilities, including several that could allow for remote code execution (RCE).

The vulnerabilities, rated high or critical severity, could allow attackers to gain unauthorized access to the EPM core server, potentially leading to data breaches and operational disruption across the endpoints it manages.

The most critical vulnerability, CVE-2024-50330 (CVSS 9.8), is a SQL injection flaw that could allow a remote unauthenticated attacker to achieve RCE with no user interaction required. The remaining flaws fall into two classes, SQL injection and path traversal:

  • CVE-2024-50323, CVE-2024-34787, CVE-2024-50322 (CVSS 7.8): Path traversal vulnerabilities that could allow a local unauthenticated attacker to achieve code execution; user interaction is required, which is why these are rated lower than the remote path traversal below.
  • CVE-2024-32839, CVE-2024-32841, CVE-2024-32844, CVE-2024-32847, CVE-2024-34780, CVE-2024-37376, CVE-2024-34781, CVE-2024-34782, CVE-2024-34784, CVE-2024-50324, CVE-2024-50326, CVE-2024-50327, CVE-2024-50328 (CVSS 7.2): SQL injection vulnerabilities that could allow a remote authenticated attacker with admin privileges to achieve RCE.
  • CVE-2024-50329 (CVSS 8.8): A path traversal vulnerability that could allow a remote unauthenticated attacker to achieve RCE (user interaction required).
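The advisory names two bug classes but, as usual, publishes no code. The following is an added example, not Ivanti's code and not derived from the affected product: it shows the generic shape of each class, a query built by string concatenation beside its parameterized form, and a path check that canonicalizes before comparing against the allowed base directory. The table name, sample rows, function names and the base directory `/srv/files` are all constructed for the demonstration.

```python
"""Generic illustration of SQL injection and path traversal (added example,
not Ivanti code: table, rows and function names are constructed here)."""
import posixpath
import re
import sqlite3


def demo_db() -> sqlite3.Connection:
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE devices (name TEXT, owner TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO devices VALUES (?, ?, ?)",
        [("ws-01", "alice", "tok-1"), ("ws-02", "bob", "tok-2"), ("srv-01", "carol", "tok-3")],
    )
    return conn


def lookup_device_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """SQLi pattern: attacker-controlled text is spliced into the SQL grammar.

    A value such as  ' OR '1'='1  turns an exact-match lookup into "match all",
    and a UNION payload reads columns the query never meant to expose.
    """
    sql = "SELECT name, owner FROM devices WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_device_safe(conn: sqlite3.Connection, name: str) -> list:
    """Same query with a bound parameter: the value can never become grammar."""
    return conn.execute(
        "SELECT name, owner FROM devices WHERE name = ?", (name,)
    ).fetchall()


def safe_join(base_dir: str, user_path: str) -> str:
    """Path traversal guard: canonicalize first, then check containment.

    Assumes the caller has already URL-decoded user_path once (a web framework
    normally does this); checking before decoding lets %2e%2e slip through.
    Raises ValueError for anything that would leave base_dir.
    """
    if "\x00" in user_path:
        raise ValueError("NUL byte in path")
    # The affected product runs on Windows, where ..\ traverses just like ../,
    # so treat both separators alike before normalizing.
    normalized = user_path.replace("\\", "/")
    if normalized.startswith("/") or re.match(r"^[A-Za-z]:", normalized):
        raise ValueError("absolute paths are not accepted")
    base = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(posixpath.join(base, normalized))
    prefix = base if base.endswith("/") else base + "/"
    if candidate != base and not candidate.startswith(prefix):
        raise ValueError(f"path escapes {base}: {user_path!r}")
    return candidate


if __name__ == "__main__":
    db = demo_db()
    payload = "x' UNION SELECT owner, secret FROM devices WHERE '1'='1"
    print("vulnerable:", lookup_device_vulnerable(db, payload))  # dumps secrets
    print("safe:      ", lookup_device_safe(db, payload))        # no rows
    print(safe_join("/srv/files", "reports/q3.pdf"))
    for bad in ("../../etc/passwd", "..\\..\\windows\\win.ini", "/etc/passwd"):
        try:
            safe_join("/srv/files", bad)
        except ValueError as exc:
            print("rejected:", exc)
```

The containment check compares canonical strings rather than looking for `..` in the input, because encodings and separator tricks defeat denylists while a normalized prefix comparison does not. The SQL half uses SQLite only so the block runs offline; the fix is the same on any engine: bind parameters, never concatenate.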

Ivanti has addressed these vulnerabilities in the Endpoint Manager 2024 November Security Update and the Endpoint Manager 2022 SU6 November Security Update. Customers are strongly advised to apply the update for their branch as soon as possible; the unauthenticated flaws in particular need no credentials, so any exposed EPM core server should be treated as urgent.

The company has stated that it is not aware of any customers being exploited by these vulnerabilities prior to public disclosure. However, an EPM core server can push software and commands to every endpoint it manages, so a compromise of the server extends to the whole fleet, and users should patch promptly rather than wait for reports of exploitation.
