On 21 May 2024, Ivanti disclosed six critical-severity SQL Injection vulnerabilities affecting Ivanti Endpoint Manager, specifically versions 2022 SU5 and earlier. These six vulnerabilities, identified as CVE-2024-29822 through CVE-2024-29827, each carry a Common Vulnerability Scoring System (CVSS) score of 9.6. They allow unauthenticated attackers within the same network to execute arbitrary code on the Core server. This disclosure was made simultaneously with the release of a security hot patch.
Ivanti has confirmed that these vulnerabilities have not been actively exploited in the wild. Additionally, Arctic Wolf has not identified a proof of concept (PoC) exploit. While these six vulnerabilities require a threat actor to already be within the network, a potential attack scenario could involve combining one of these vulnerabilities with a separate initial access vulnerability. Earlier this year, threat actors were observed chaining other Ivanti vulnerabilities in attacks that had widespread impact globally.
Recommendations
Upgrade to a Fixed Version of Ivanti Endpoint Manager
Arctic Wolf strongly recommends upgrading to the latest fixed version of Ivanti Endpoint Manager. Please refer to the advisory published by Ivanti for detailed patching instructions.
Affected Product | Affected Versions | Fixed Version |
Ivanti Endpoint Manager | 2022 SU5 and earlier | Security Hot Patch for 2022 SU5 |
Please follow your organisation’s patching and testing guidelines to avoid any operational impact.