June 13, 2024 at 03:40PM
Researchers developed a proof-of-concept exploit for an SQL injection bug, CVE-2024-29824, in Ivanti Endpoint Manager. The bug allows unauthenticated attackers to execute code remotely, posing a significant threat. Ivanti responded promptly, releasing a patch within six weeks. Organizations are advised to implement the patch and restrict access to the management interface for added security.
Key takeaways from the meeting notes:
1. There is a critical SQL injection vulnerability, CVE-2024-29824, in Ivanti Endpoint Manager, allowing unauthenticated attackers to perform remote code execution with a 9.8 CVSS score.
2. The vulnerability was discovered by an independent researcher and sold to Trend Micro’s Zero Day Initiative (ZDI), who informed Ivanti of the issue on April 3.
3. The specific flaw was in “RecordGoodApp,” a method within a DLL file called “PatchBiz,” allowing attackers to execute arbitrary commands.
4. Ivanti responded by producing a patch within six weeks and published it on May 24. Customers are advised to implement the patch promptly to mitigate the risk of exploitation.
5. Despite previous security problems, Ivanti has made strides in addressing vulnerabilities in a timely manner.
6. Organizations are recommended to restrict the accessibility of their management interfaces to specific trusted IP addresses.
Please let me know if there’s anything else you need assistance with.