Exploit code released for critical Ivanti RCE flaw, patch now

September 16, 2024 at 03:12PM

Exploit code for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, has been publicly released by security researcher Sina Kheirkhah. The flaw allows a remote attacker to execute arbitrary operations and should be patched immediately with the security update released in September 2024. Other Ivanti vulnerabilities are also being actively exploited, which adds to the urgency of applying patches.

Key points:

– A proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, has been publicly released.
– The vulnerability was discovered by security researcher Sina Kheirkhah and reported through the Zero Day Initiative on May 1, 2024.
– The exploit involves insecure deserialization within the AgentPortal.exe executable, allowing a remote attacker to inject malicious objects and execute arbitrary operations, including deploying web shells that can execute arbitrary code.
– Ivanti has released a security patch for both EPM 2022 and 2024, with SU6 and September 2024 updates, respectively. The patch is the only recommended mitigation.
– CISA has warned about another actively exploited vulnerability in Ivanti’s products, a high-severity remote code execution flaw in the Cloud Services Appliance (CSA), tracked as CVE-2024-8190. The deadline to secure vulnerable appliances is October 4, 2024.
