On November 12, 2024, Ivanti released fixes for CVE-2024-50330, a critical severity vulnerability in Ivanti Endpoint Manager (EPM). This flaw allows Remote Code Execution (RCE) by an unauthenticated attacker.
Ivanti has stated that no exploitation of CVE-2024-50330 has been detected in the wild, and Arctic Wolf has not identified any publicly accessible proof of concept (PoC) exploit code. Earlier this year, reports emerged that Chinese state-affiliated threat actors targeted two other Ivanti vulnerabilities in a widespread campaign, compromising thousands of devices. Given the significant access that could be obtained by exploiting this vulnerability and the history of Ivanti exploitation, it is likely threat actors will leverage the patch to create a PoC exploit.
Recommendation for CVE-2024-50330
Upgrade to Latest Fixed Version
Arctic Wolf strongly recommends that customers upgrade to the latest fixed version.
| Product | Affected Version | Fixed Version |
| Ivanti Endpoint Manager (EPM) |
|
|
Please follow your organization’s patching and testing guidelines to avoid any operational impact.
References
Stay up to date with the latest security incidents and trends from Arctic Wolf Labs.
Explore the latest global threats with the 2024 Arctic Wolf Labs Threats Report.
