Critical Vulnerability in Ivanti EPM (CVE-2024-29847)

Executive Summary

On September 10^th, 2024, Ivanti published an advisory detailing multiple critical severity vulnerabilities in their Endpoint Management (EPM) product. The EPM product manages IT assets, troubleshooting, and deployment of software and operating systems. A vulnerability in a system with this amount of control over a network environment presents significant risk.

Among the reported vulnerabilities, CVE-2024-29847 is particularly notable. It is the one vulnerability with a CVSS score of 10.0, because it can be exploited remotely, requires no authentication, and is relatively straightforward to attack.

Ivanti's products have experienced critical vulnerabilities that were exploited in cyber-attacks earlier this year, specifically in January (CVE-2023-46805 and CVE-2024-21887) and again in February (CVE-2024-21893, CVE-2024-22024, and CVE-2024-21888). Although the newly discovered vulnerabilities have not yet been abused by threat actors, Beazley Security believes cyber-criminal groups or other threat actors will attempt to weaponize these vulnerabilities. As such Beazley Security strongly recommends that organizations apply the available software patches as quickly as possible.

Affected Systems / Products

Product Name: Ivanti Endpoint Manager

Affected Version (s):
- ‍2024‍
Resolved Version(s): ‍
- 2024 with July and September Security Patches applied, or 2024 SU1 (Not yet released at the time of writing)

Product Name: Ivanti Endpoint Manager

Affected Version (s):
- ‍2022 SU5 and earlier ‍
‍Resolved Version(s): ‍
- 2022 SU6

Mitigations / Workarounds

The vendor reports no mitigations or workarounds are available. Organizations should apply available patches as soon as possible.

Patches

Details for the security fixes can be found on Ivanti’s advisory here.

For EPM 2024:

Download the Security Hot Patch files here.
Close the EPM Console
Extract the folder, open Powershell as an admin and then run the Deploy.ps1
Reboot the Core Server.

For EPM 2022:

Download the patch file here.
Follow Ivanti’s detailed instructions found here.

Technical Details

The vulnerability involves a software exploit known as a deserialization attack. Applications will often need to transfer internal data in memory over a network or into a file and need to put that data through a process called “serialization” to put it in a format that can be transferred. Once transferred, the application will reverse the process (called “deserialization”) to return it back into a state it can use.

Occasionally, deserialization is carried out insecurely, and manipulated serialized data can trigger harmful, unintended consequences. Specifically, in this scenario, the consequence is remote code execution, which results in a complete compromise of an Ivanti Endpoint Management Core Server.

How Beazley Security is Responding

Beazley Security is monitoring client perimeter devices through our Karma product to identify potentially impacted devices and support organizations in remediation of any issues found.

Sources

https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US

Download PDF

Aware of an incident impacting your industry? Let us know:

Report an incident

Prepare

Implement

Defend

Respond

Manage Risk

Beazley Insured

Featured Industries

Enabling readiness and resilience from pre-breach to remediation.

Bringing extensive experience to every engagement.

Nice to meet you. Find out more about our company here.

The latest insights and advisories from our team