Ivanti Patches SQLi Vulnerability (CVE-2024-37381) in Endpoint Management Software

CVE-2024-37381

Ivanti, a prominent provider of endpoint management solutions, has promptly addressed a SQL Injection vulnerability in its Endpoint Management (EPM) software. This vulnerability, designated as CVE-2024-37381, could have enabled authenticated attackers within the same network to execute arbitrary code on affected systems.

CVE-2024-37381

The EPM software, designed to streamline management of diverse device platforms like Windows, macOS, Chrome OS, and IoT, is widely utilized across various industries. The discovery of the SQL injection flaw, rated with a CVSS score of 8.4 (High), prompted immediate action from Ivanti to mitigate the potential risk to its customers.

While Ivanti has not received any reports of exploitation in the wild, the company urges all users of EPM 2024 flat to promptly apply the available security hot patch. The patch provides a crucial defense against potential attackers seeking to leverage the vulnerability to gain unauthorized access or execute malicious code.

To address the CVE-2024-37381 flaw, Ivanti has released a Security Hot Patch specifically for EPM 2024 flat. The patch involves updating four crucial DLL files on the Core Server, ensuring the vulnerability is effectively mitigated.

Applying the Security Hot Patch

  1. Download the Security Hot Patch files: Ivanti has made these files available for download on their official support page.
  2. Unblock the DLL files: Before replacing the original files, ensure they are unblocked using PowerShell.
  3. Replace the original DLLs: The new DLLs need to be placed in the following directories:
    • Filename Location on EPM Core
      PatchApi.dll C:\Program Files\LANDesk\ManagementSuite\patchapi\bin
      MBSDKService.dll C:\Program Files\LANDesk\ManagementSuite\LANDesk\mbsdkservice\bin
      C:\Program Files\LANDesk\ManagementSuite\ldmain\landesk\mbsdkservice\bin

    Alternatively, administrators can use the provided PowerShell script for an automated update process:

    • Extract the EPM_2024_hotpatch folder and place it in the specified directory.
    • Open PowerShell as an administrator and run JulyEPM2024HotPatch.ps1.
  4. Restart the Core Server: After replacing the DLLs, either reboot the Core Server or, if rebooting is not an option, close the EPM Console and run IISRESET to ensure the new DLLs are loaded.

Organizations relying on Ivanti EPM are strongly advised to prioritize the application of the security hot patch to protect their systems and data from potential compromise.