Multiple Critical SQL Injection Vulnerabilities in Ivanti Endpoint Manager


On 21 May 2024, Ivanti disclosed six critical-severity SQL Injection vulnerabilities affecting Ivanti Endpoint Manager, specifically versions 2022 SU5 and earlier. These six vulnerabilities, identified as CVE-2024-29822 through CVE-2024-29827, each carry a Common Vulnerability Scoring System (CVSS) score of 9.6. They allow unauthenticated attackers within the same network to execute arbitrary code on the Core server. This disclosure was made simultaneously with the release of a security hot patch. 

Ivanti has confirmed that these vulnerabilities have not been actively exploited in the wild. Additionally, Arctic Wolf has not identified a proof of concept (PoC) exploit. While these six vulnerabilities require a threat actor to already be within the network, a potential attack scenario could involve combining one of these vulnerabilities with a separate initial access vulnerability. Earlier this year, threat actors were observed chaining other Ivanti vulnerabilities in attacks that had widespread impact globally. 


Upgrade To a Fixed Version of Ivanti Endpoint Manager

Arctic Wolf strongly recommends upgrading to the latest fixed version of Ivanti Endpoint Manager. Please refer to the advisory published by Ivanti for detailed patching instructions. 

Affected Product        | Affected Versions    | Fixed Version
Ivanti Endpoint Manager | 2022 SU5 and earlier | Security Hot Patch for 2022 SU5


Please follow your organisation’s patching and testing guidelines to avoid any operational impact. 



Andres Ramos

Andres Ramos is a Threat Intelligence Researcher at Arctic Wolf with a strong background in tracking emerging threats and producing actionable intelligence for both technical and non-technical stakeholders. He has a diverse background encompassing various domains of cyber security, holds a degree in Cybersecurity Engineering, and is a CISSP.