A critical vulnerability has recently been discovered in Ivanti’s Endpoint Management (EPM) software which organizations use to manage devices running on different platforms.
The flaw, designated CVE-2024-29847, is due to the deserialization of untrusted data that, when exploited, could allow threat actors to execute remote code on the core EPM server.
So far, Ivanti hasn’t observed any exploitation of CVE-2024-29847 in the wild, nor is it aware of a proof-of-concept (PoC) exploit being publicly available. Regardless, Ivanti recommends that users upgrade affected EPM deployments to the latest version as soon as possible.
CVE-2024-29847 was just one of nearly two dozen vulnerabilities recently discovered in Ivanti products. Ivanti is crediting this spike in disclosed vulnerabilities to its recent increase in scanning, manual exploitation, and testing to address potential vulnerabilities faster.
Source: Bleeping Computer
Analysis
Ivanti has struggled with vulnerabilities in many of its products in 2024, some of them zero days targeted by nation-state actors to deploy various custom malware strains.
Ivanti’s Connect Secure and Policy Secure gateways even had the dubious honor of being the subject of the Cybersecurity and Infrastructure Security Agency’s (CISA) first emergency directive of 2024 ordering federal agencies to secure vulnerable gateways. Thus, it’s no surprise that Ivanti would double down on its efforts to proactively identify vulnerabilities, which appears to bear fruit considering the abovementioned vulnerabilities.
Mitigation
Field Effect’s Security Intelligence professionals constantly monitor the cyber threat landscape for vulnerabilities discovered in software like Ivanti EPM. Field Effect MDR users are automatically notified if a vulnerable version of EPM is detected in their environment and are encouraged to review these AROs as quickly as possible via the Field Effect Portal.
Field Effect strongly recommends users of affected EPM appliances update to the latest version as soon as possible, in accordance with the advisory.
Related Articles
