Ivanti EPM SQL Injection Remote Code Execution Vulnerability - 20240614001

Overview

The WA SOC has been made aware of undisclosed SQL Injection vulnerability in the Core server of Ivanti EPM 2022 SU5 and earlier versions. This vulnerability enables an unauthenticated threat actor within the same network to execute arbitrary code.

What is vulnerable?

Products Affected.	CVE	CVSS	Severity
Ivanti EPM Versions from 2022 SU5 and prior	CVE-2024-29824	9.6	Critical

What has been observed?

There is no evidence of active exploitation in the wild at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of 48 hours... (refer Patch Management):

• Ivanti Security Advisory May 2024: https://forums.ivanti.com/s/article/Security-Advisory-May-2024
• Ivanti KB Security Advisory EPM May 2024: https://forums.ivanti.com/s/article/KB-Security-Advisory-EPM-May-2024

Additional References

• Dark Reading: https://www.darkreading.com/application-security/poc-exploit-critical-rce-bug-ivanti-endpoint-manager