Description

Ivanti Endpoint Manager (EPM) contains an SQL injection vulnerability (CVE-2024-29824) that allows unauthenticated attackers on the adjacent network to execute arbitrary SQL commands. This vulnerability can be exploited to achieve remote code execution on the affected system, leading to complete system compromise.

Remediation

Apply security patches immediately by upgrading Ivanti EPM to the latest patched version as specified in the Ivanti Security Advisory (May 2024). Follow these steps:

1. Review the Ivanti Security Advisory to identify the appropriate patch version for your EPM deployment
2. Schedule a maintenance window and create a full system backup before applying updates
3. Download and install the latest security patches from the official Ivanti support portal
4. Verify the patch installation was successful and test critical EPM functionality
5. Monitor system logs for any signs of prior exploitation

As an interim mitigation if immediate patching is not possible, restrict network access to the EPM server to trusted IP addresses only and monitor for suspicious SQL queries in application logs.

References

KB Security Advisory EPM May 2024

Horizon3 AI Detailed Analysis

Related Vulnerabilities

PostgreSQL Improper Access Control Vulnerability (CVE-2019-10127)

Oracle Database Server CVE-2009-1007 Vulnerability (CVE-2009-1007)

MySQL CVE-2019-2755 Vulnerability (CVE-2019-2755)

Django CVE-2024-41989 Vulnerability (CVE-2024-41989)

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2402)

Severity

High

Classification

CVE-2024-29824 CWE-89 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Tags

Code Execution SQL Injection Known Vulnerabilities Acumonitor