Ivanti fixes maximum severity RCE bug in Endpoint Management software
Ivanti has fixed a maximum severity vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers gain remote code execution on the core server.
Ivanti EPM helps admins manage client devices that run various platforms, including Windows, macOS, Chrome OS, and IoT operating systems.
The security flaw (CVE-2024-29847) is caused by a deserialization of untrusted data weakness in the agent portal. It has been addressed in Ivanti EPM 2024 hot patches and Ivanti EPM 2022 Service Update 6 (SU6).
"Successful exploitation could lead to unauthorized access to the EPM core server," the company said in an advisory published today.
Ivanti added that, for the moment, it is "not aware of any customers being exploited by these vulnerabilities at the time of disclosure. Currently, there is no known public exploitation of this vulnerability that could be used to provide a list of indicators of compromise."
Today, it also fixed almost two dozen more high and critical severity flaws in Ivanti EPM, Workspace Control (IWC), and Cloud Service Appliance (CSA) that had not been exploited in the wild before being patched.
In January, the company patched a similar RCE vulnerability (CVE-2023-39336) in Ivanti EPM that could be exploited to access the core server or hijack enrolled devices.
Rise in fixed flaws due to security improvements
Ivanti said it had escalated internal scanning, manual exploitation, and testing capabilities in recent months while also working on improving its responsible disclosure process to address potential issues faster.
"This has caused a spike in discovery and disclosure, and we agree with CISA's statement that the responsible discovery and disclosure of CVEs is 'a sign of healthy code analysis and testing community,'" Ivanti said.
This statement follows extensive in-the-wild exploitation of multiple Ivanti zero-days in recent years. For instance, Ivanti VPN appliances have been targeted since December 2023 using exploits chaining the CVE-2024-21887 command injection and the CVE-2023-46805 authentication bypass flaws as zero-days.
The company also warned of a third zero-day (a server-side request forgery bug now tracked as CVE-2024-21893) under mass exploitation in February, allowing attackers to bypass authentication on vulnerable ICS, IPS, and ZTA gateways.
Ivanti says it has over 7,000 partners worldwide, and over 40,000 companies use its products to manage their IT assets and systems.
source: BleepingComputer