Ivanti Patches Critical Vulnerabilities in Endpoint Manager

September 11, 2024 at 06:57AM

Ivanti announced security updates for Endpoint Manager, Cloud Service Appliance, and Workspace Control, addressing multiple high-severity vulnerabilities. The patches for Endpoint Manager resolve 16 flaws, including CVE-2024-29847, a critical-severity bug allowing remote code execution. The Cloud Service Appliance patch resolves an OS command injection flaw. The Workspace Control patches address six high-severity vulnerabilities.

Key takeaways:

1. Ivanti announced security updates for several products, including Endpoint Manager, Cloud Service Appliance, and Workspace Control, addressing multiple critical and high-severity vulnerabilities.

2. The patches for Endpoint Manager versions 2024 and 2022 SU5 resolved 16 flaws, 10 of which were critical-severity bugs allowing attackers to execute arbitrary code remotely.

3. The most severe security defect, CVE-2024-29847, has a CVSS score of 10 and is described as a deserialization of untrusted data issue that allows remote code execution without authentication.

4. Ivanti also released patches for a high-severity vulnerability in Cloud Service Appliance, addressing an OS command injection flaw (CVE-2024-8190) that could allow authenticated attackers with admin-level privileges to achieve remote code execution.

5. Lastly, patches were released for six high-severity vulnerabilities in Workspace Control affecting versions 10.18.0.0 and prior, which were addressed in version 10.18.99.0 of the application.

Overall, Ivanti has no evidence of these vulnerabilities being exploited in the wild. More information can be found in the vendor’s security advisory.
