Latest Security Patches Released by Ivanti to Secure Endpoint Manager from Exploits
Ivanti has released patches for numerous security weaknesses affecting Endpoint Manager (EPM), including 10 critical vulnerabilities that could lead to remote code execution.
A brief summary of the issues follows –
- CVE-2024-29847 (CVSS score: 10.0) – A deserialization of untrusted data flaw that allows a remote unauthenticated attacker to achieve code execution.
- CVE-2024-32840, CVE-2024-32842, CVE-2024-32843, CVE-2024-32845, CVE-2024-32846, CVE-2024-32848, CVE-2024-34779, CVE-2024-34783, and CVE-2024-34785 (CVSS scores: 9.1) – Multiple unspecified SQL injection vulnerabilities that allow a remote authenticated attacker with administrator privileges to achieve remote code execution.
The vulnerabilities affect EPM 2024 and EPM 2022 SU5 and prior; fixes are available in 2024 SU1 and 2022 SU6, respectively.
Additionally, the September update addresses seven serious weaknesses in Ivanti Workspace Control (IWC) and Ivanti Cloud Service Appliance (CSA).
The company stated that it has expanded its internal scanning, manual exploitation, and testing capabilities, and has enhanced its responsible disclosure process in order to uncover and address potential issues more quickly.
“This has led to a surge in detection and disclosure,” the company said in its announcement.
The release follows the recent widespread exploitation of multiple zero-days in Ivanti appliances, including by China-affiliated cyber espionage groups, to infiltrate networks of interest.
It also coincides with Zyxel’s release of fixes for a severe operating system (OS) command injection vulnerability (CVE-2024-6342, CVSS score: 9.8) affecting two of its network-attached storage (NAS) devices.
“An OS command injection vulnerability in the export-cgi program of Zyxel NAS326 and NAS542 devices could permit an unauthorized attacker to execute certain OS commands via a crafted HTTP POST request,” the company said in an advisory.

The security flaw has been fixed in the following versions –
- NAS326 (affects V5.21(AAZF.18)C0 and earlier) – Fixed in V5.21(AAZF.18)Hotfix-01
- NAS542 (affects V5.21(ABAG.15)C0 and earlier) – Fixed in V5.21(ABAG.15)Hotfix-01