Multiple Critical Vulnerabilities Discovered in Ivanti Endpoint Manager

Ivanti, a prominent provider of IT management and security solutions, has issued urgent security advisories warning of multiple critical vulnerabilities within its Endpoint Manager (EPM) product. These vulnerabilities, if exploited, could grant attackers significant control over an organization’s network endpoints, including desktops, laptops, servers, and mobile devices.

The disclosed vulnerabilities primarily revolve around SQL injection attacks, a common technique used by hackers to manipulate database queries and execute unauthorized commands. In the case of Ivanti EPM, successful exploitation could lead to remote code execution, allowing attackers to take control of vulnerable systems.

• CVE-2024-29822 to CVE-2024-29827 (CVSS 9.6): These six vulnerabilities are particularly concerning, as they enable unauthenticated attackers within the same network to execute arbitrary code on the EPM Core server, potentially granting them extensive access and control.

• CVE-2024-29828 to CVE-2024-29830, CVE-2024-29846 (CVSS 8.4): These additional vulnerabilities also involve SQL injection, but they require attackers to be authenticated on the network, lowering the immediate risk slightly. However, once authenticated, attackers could still leverage these flaws to execute arbitrary code.

The potential impact of these vulnerabilities is substantial, given the widespread deployment of Ivanti EPM across various organizational environments. The ability for unauthenticated attackers to execute arbitrary code (as seen in CVE-2024-29822 through CVE-2024-29827) could lead to complete system takeover, data breaches, and significant operational disruptions. Authenticated attacker vulnerabilities (CVE-2024-29828 through CVE-2024-29830 and CVE-2024-29846) pose a similar risk but require initial network access.

All versions of Ivanti EPM 2022 prior to Service Update 5 are susceptible to these vulnerabilities. Ivanti has released a patch to address these critical issues, and organizations are strongly urged to apply it as soon as possible.

While Ivanti has not received reports of active exploitation of these vulnerabilities, the potential impact is severe. Given the widespread use of EPM for managing enterprise endpoints, organizations must act proactively to protect their networks and data.