Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities
Sep 11, 2024
Enterprise Security / Vulnerability
Ivanti has released software updates to address multiple security flaws impacting Endpoint Manager (EPM), including 10 critical vulnerabilities that could result in remote code execution. A brief description of the issues is as follows - CVE-2024-29847 (CVSS score: 10.0) - A deserialization of untrusted data vulnerability that allows a remote unauthenticated attacker to achieve code execution. CVE-2024-32840, CVE-2024-32842, CVE-2024-32843, CVE-2024-32845, CVE-2024-32846, CVE-2024-32848, CVE-2024-34779, CVE-2024-34783, and CVE-2024-34785 (CVSS scores: 9.1) - Multiple unspecified SQL injection vulnerabilities that allow a remote authenticated attacker with admin privileges to achieve code execution The flaws impact EPM versions 2024 and 2022 SU5 and earlier, with fixes made available in versions 2024 SU1 and 2022 SU6, respectively. Ivanti said it has found no evidence of the flaws being exploited in the wild as a zero-day, but it's essential that users update to the latest