On September 10, 2024, Ivanti released fixes for CVE-2024-29847, a maximum severity vulnerability in Ivanti Endpoint Manager (EPM). This flaw, found in the agent portal of specific EPM versions, allows Remote Code Execution (RCE) by an unauthenticated attacker due to improper deserialization of untrusted data.
Ivanti has stated that no exploitation of CVE-2024-29847 has been detected in the wild, and Arctic Wolf has not identified any publicly accessible proof of concept (PoC) exploit code. Earlier this year, reports emerged that Chinese state-affiliated threat actors targeted two other Ivanti vulnerabilities in a widespread campaign, compromising thousands of devices. Given this history of targeting Ivanti products, these vulnerabilities could soon attract attention due to the significant access that can be gained by compromising the EPM core server.
Recommendation for CVE-2024-29847
Upgrade to Latest Fixed Version
Arctic Wolf strongly recommends that customers upgrade to the latest fixed version.
Product | Affected Version | Fixed Version |
Ivanti Endpoint Manager | 2024 | |
Ivanti Endpoint Manager | 2022 SU5 and earlier | 2022 SU6 |
Please follow your organization’s patching and testing guidelines to avoid any operational impact.