CVE-2024-29824

Published May 31, 2024

Last updated a month ago

Insights

Analysis from the Intruder Security Team

Published Oct 7, 2024 Updated Oct 7, 2024

CVE-2024-29824

Unauthenticated SQL Injection & RCE in Ivanti EPM 2022 SU5 and prior, allowing attackers to gain full control over the EPM host.

This vulnerability has been actively exploited in the wild, so we strongly recommend patching as soon as possible.

If exploited, an attacker could use the compromised Ivanti EPM host to move laterally across the network, potentially targeting other infrastructure.

For detailed information and patch instructions, refer to the advisory available here

Overview

Description: An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
Source: support@hackerone.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 3.0

Type: Secondary
Base score: 9.6
Impact score: 6
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Known exploits

Data from CISA

Vulnerability name: Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability
Exploit added on: Oct 2, 2024
Exploit action due: Oct 23, 2024
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov: CWE-89
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-89

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1F6549B-CF5D-4607-B67D-5489905A1705",
            "versionEndExcluding": "2022"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46580865-5177-4E55-BDAC-73DA4B472B35"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E57E12B5-B789-450C-9476-6C4C151E6993"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E47C65B3-56DD-4D65-8B4B-6AFFE28E94F2"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10D6EAB7-B14B-45E9-92B9-4FADFBBB08AF"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1877FB55-76BA-4714-ABB8-47258132F537"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F9E8D45-5F12-4D45-A74E-C314FA3618A3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Insights

CVE-2024-29824

Overview

Risk scores

CVSS 3.1

CVSS 3.0

Known exploits

Weaknesses

Social media

Configurations

References