{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2024-094.pdf"
    },
    "title": "Critical Vulnerabilities in Ivanti EPM",
    "serial_number": "2024-094",
    "publish_date": "11-09-2024 16:46:40",
    "description": "On September 10, 2024, Ivanti addressed several critical and high-severity security vulnerabilities in its Endpoint Manager (EPM) product.<br>\nIt is recommended to update as soon as possible.<br>\n",
    "url_title": "2024-094",
    "content_markdown": "---\ntitle: 'Critical Vulnerabilities in Ivanti EPM'\nnumber: '2024-094'\nversion: '1.0'\noriginal_date: '2024-09-10'\ndate: '2024-09-11'\n---\n\n_History:_\n\n* _11/09/2024 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn September 10, 2024, Ivanti addressed several critical and high-severity security vulnerabilities in its Endpoint Manager (EPM) product [1].\n\nIt is recommended to update as soon as possible.\n\n# Technical Details\n\nThe most severe vulnerability, **CVE-2024-29847**, with a CVSS score of 10, is due to improper input validation, which could lead to deserialisation of untrusted data in the agent portal of Ivanti EPM. It could allow a remote unauthenticated attacker to achieve remote code execution.\n\nThe vulnerabilities **CVE-2024-32840**, **CVE-2024-32842**, **CVE-2024-32843**, **CVE-2024-32845**, **CVE-2024-32846**, **CVE-2024-32848** and **CVE-2024-34779**, with a CVSS score of 9.1, are SQL injection flaws in Ivanti EPM. They could allow an authenticated remote attacker with admin privileges to achieve remote code execution on the server.\n\n# Affected Products\n\nThe following product versions are affected [1]:\n\n- Ivanti Endpoint Manager (EPM) 2022 SU5 and earlier.\n- Ivanti Endpoint Manager (EPM) 2024.\n\n# Recommendations\n\nCERT-EU strongly recommends updating affected devices as soon as possible.\n\n# References\n\n[1] <https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>11/09/2024 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On September 10, 2024, Ivanti addressed several critical and high-severity security vulnerabilities in its Endpoint Manager (EPM) product [1].</p><p>It is recommended to update as soon as possible.</p><h2 id=\"technical-details\">Technical Details</h2><p>The most severe vulnerability, <strong>CVE-2024-29847</strong>, with a CVSS score of 10, is due to improper input validation, which could lead to deserialisation of untrusted data in the agent portal of Ivanti EPM. It could allow a remote unauthenticated attacker to achieve remote code execution.</p><p>The vulnerabilities <strong>CVE-2024-32840</strong>, <strong>CVE-2024-32842</strong>, <strong>CVE-2024-32843</strong>, <strong>CVE-2024-32845</strong>, <strong>CVE-2024-32846</strong>, <strong>CVE-2024-32848</strong> and <strong>CVE-2024-34779</strong>, with a CVSS score of 9.1, are SQL injection flaws in Ivanti EPM. They could allow an authenticated remote attacker with admin privileges to achieve remote code execution on the server.</p><h2 id=\"affected-products\">Affected Products</h2><p>The following product versions are affected [1]:</p><ul><li>Ivanti Endpoint Manager (EPM) 2022 SU5 and earlier.</li><li>Ivanti Endpoint Manager (EPM) 2024.</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU strongly recommends updating affected devices as soon as possible.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US\">https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}